Hello... On Thu, 2009-04-16 at 15:44 -0400, [email protected] wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ===================================================================== > Red Hat Security Advisory > > Synopsis: Important: udev security update > Advisory ID: RHSA-2009:0427-01 > Product: Red Hat Enterprise Linux > Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0427.html > Issue date: 2009-04-16 > CVE Names: CVE-2009-1185 > ===================================================================== > > 1. Summary: > > Updated udev packages that fix one security issue are now available for Red > Hat Enterprise Linux 5. > > This update has been rated as having important security impact by the Red > Hat Security Response Team. > <snip>
> It was discovered that udev did not properly check the origin of Netlink > messages. A local attacker could use this flaw to gain root privileges via > a crafted Netlink message sent to udev, causing it to create a > world-writable block device file for an existing system block device (for > example, the root file system). (CVE-2009-1185) > I looked through the advisories from several Linux distros, but did not see any mention as to if this update needs a reboot, or just a daemon restart. The rpm does a restart of the udev daemon, so I am assuming a reboot is not necessary, but it would be nice if someone could confirm this. thanks -- Christopher McCrory "The guy that keeps the servers running" [email protected] http://www.pricegrabber.com Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.' And even if there were, waxed paper is no defense. I tried it. Only tinfoil works. _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
