[ltp] Linux Kernel security flaw exposed

James McKenzie linux-thinkpad@linux-thinkpad.org
Sat, 06 Dec 2003 14:28:17 -0700

Fix out for Red Hat and Fedora.

James McKenzie

j_f_clark wrote:

> Hi, All.
> I have been out galavanting for a week and had to spend a couple of 
> hours catching up on my email today.  It has been a rather strange 
> experience of listening to three conversations at once.  The Linux 
> kernel flaw that was exploited on the Debian servers last week figured 
> prominently in 2 of those conversations but was completely absent from 
> the linux-thinkpad list.  So I decided to introduce the issue.
> The main article can be found at 
> <http://www.eweek.com/article2/0,4149,1400446,00.asp>
> This flaw exists in 2.4.22 and earlier kernels.  In practical terms 
> all of the current major distributions except (perhaps) Mandrake 9.2 
> are vulnerable.  Apparently Mandrake introduced a fix during its 9.2 
> pre-release activities.  See 
> http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:110 
> I also read that SuSE has posted a patch.
> Joe Clark