[ltp] Linux Kernel security flaw exposed
j_f_clark
linux-thinkpad@linux-thinkpad.org
Sat, 06 Dec 2003 13:37:02 -0500
Hi, All.
I have been out galavanting for a week and had to spend a couple of hours
catching up on my email today. It has been a rather strange experience of
listening to three conversations at once. The Linux kernel flaw that was
exploited on the Debian servers last week figured prominently in 2 of those
conversations but was completely absent from the linux-thinkpad list. So I
decided to introduce the issue.
The main article can be found at
<http://www.eweek.com/article2/0,4149,1400446,00.asp>
This flaw exists in 2.4.22 and earlier kernels. In practical terms all of
the current major distributions except (perhaps) Mandrake 9.2 are
vulnerable. Apparently Mandrake introduced a fix during its 9.2
pre-release activities. See
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:110
I also read that SuSE has posted a patch.
Joe Clark