>From reading the description of the vulnerability: http://www.h-online.com/security/Critical-vulnerability-in-the-Linux-kernel-affects-all-versions-since-2001--/news/114004
it seems as though there might be a simple workaround: "Ormandy and Tiennes say, however, that the exploit will not work on current kernels with mmap_min_addr support if a number greater than zero is defined by means of sysctl as the value for vm.mmap_min_addr." On my 8.04.3 LTS sytem: $ grep mmap_min_addr /etc/sysctl.conf vm.mmap_min_addr = 65536 $ sysctl vm.mmap_min_addr vm.mmap_min_addr = 65536 I'm not sure if changing the vm.mmap_min_addr is good enough until the kernel patch makes its way down the pipe. Regards, - Robert On Tue, Aug 18, 2009 at 1:05 PM, john<[email protected]> wrote: > Hello all, > > I am trying to figure out why ubuntu hasn't released an updated kernel > following last weeks Linux Kernel vulnerability > http://www.h-online.com/security/Linux-kernel-vulnerability-fixes-Update--/news/114021 > > Debian has already announced and patched this as DSA 1864-1 . I > haven't seen any thing on ubuntu-security-announce > > Does anyone have any insight into this? > > Thanks, > > John -- edubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
