oshooda
join:2005-11-26 | reply to kluess_
Re: Linux Kernel 2.6.22.16 and Prior Multiple Memory Corruption
Hmmm... I couldn't help but wonder when Ubuntu Gutsy will catch up.
me@cruncher:~$ uname -a
Linux cruncher 2.6.22-14-generic #1 SMP Tue Feb 12 07:42:25 UTC 2008 i686 GNU/Linux
|
|
jdong
Eat A Beaver, Save A Tree.
Premium
join:2002-07-09
Rochester, MI
clubs:  
| said by oshooda  :Hmmm... I couldn't help but wonder when Ubuntu Gutsy will catch up. me@cruncher:~$ uname -a
Linux cruncher 2.6.22-14-generic #1 SMP Tue Feb 12 07:42:25 UTC 2008 i686 GNU/Linux
I talked to one of our Security Team folks about this bug, and he says that he's aware of this and it's been scheduled for this week's security update to the kernel. They needed more time to test the fix for regressions than the other CVE's the last security release cycle.
(He also felt that the impact of this vulnerability is not particularly earth-shattering, as contrasted to, say, the vmsplice one)
--
Ubuntu MOTU Developer and Forums Council |
|
sivran
God Save The Suite
Premium
join:2003-09-15
Arlington, TX
clubs:
 ·RoadRunner Cable
·Comcast
| But, it appears to be a local 'sploit. Meaning, as long as only I have physical access to it, I'm not worried. Or did I miss something?
And my 2.4 deb box can continue chugging along, doing its duty quite efficiently. 
--
Think outside the fox...Seamonkey |
|
jdong
Eat A Beaver, Save A Tree.
Premium
join:2002-07-09
Rochester, MI
clubs:
| said by sivran :But, it appears to be a local 'sploit. Meaning, as long as only I have physical access to it, I'm not worried. Or did I miss something? And my 2.4 deb box can continue chugging along, doing its duty quite efficiently. Your Deb box actually had a DSA released to patch that up
And it's not even much of a root 'sploit locally -- it can only be triggered at all with certain modules actively loaded (the deprecated VIA southbridge OSS sound driver, some USB dongle gadget, one DRI module)
--
Ubuntu MOTU Developer and Forums Council |
|
oshooda
join:2005-11-26
| reply to jdong
Thanks for checking into that, and for the additional information.
I was pretty sure that this wasn't that much of an issue to begin with, but was a bit curious about why that kernel would still be in use if it were really as out of date as the first few posts might make it seem. |
|
jdong
Eat A Beaver, Save A Tree.
Premium
join:2002-07-09
Rochester, MI
clubs:
| said by oshooda :Thanks for checking into that, and for the additional information. I was pretty sure that this wasn't that much of an issue to begin with, but was a bit curious about why that kernel would still be in use if it were really as out of date as the first few posts might make it seem. Well it always does take time for fixes to trickle down the stream so to speak. Distributions, vendors , and local administrators all tend to make decisions on whether or not to include certain patches, and whether to do so *NOW* or group a bunch together every month instead of spamming the user every other day.
From an upstream perspective this bug is an old news but certainly there might be downstream distributions that still employ a vulnerable kernel.
--
Ubuntu MOTU Developer and Forums Council |
|
