On Saturday, 15 July 2006 6:31, Timothy A. Holmes wrote:
> Hi Folks:
>
> I received the following warning from SANS yesterday, and I need to know
> how to appropriately respond:
>
> http://www.isc.sans.org/diary.php?storyid=1482
>
> To summarize the story at the above link, there appears to be a
> vulnerability in the Linux kernel, which when exploited, will allow a
> user to gain root privileges.
>
> Normally, I would simply upgrade to the latest kernel from portage, and
> be done with it, however, here is the problem:
>
> QUOTING SANS HERE:
> "As all kernels 2.6.13 up to version 2.6.17.4 and 2.6.16 before
> 2.6.16.24 are affected, you should patch as soon as possible, even if
> you don't allow any local users on your machines."
>
> As of this morning, the latest Kernel version in portage is 2.6.16-r12.
> It seems that there is a different versioning / naming scheme used but
> I'm not sure. Can someone please let me know how to respond, or point me
> to appropriate reading so I can protect myself.

gentoo-sources-2.6.16-r2 includes the 2.6.16.24 patchset. Have a look at the
ebuild changelog:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/sys-kernel/gentoo-sources/ChangeLog

--
Raymond Lewis Rebbeck
--
gentoo-user@gentoo.org mailing list