Hi Troy, Connie,

So, there's a new kernel out for SL4x, 2.6.9-89.0.7. From the ERRATA you sent out (see edited email below), it appears this does *not* fix the vulnerability (CVE-2009-2692) that I just mitigated with the module-remove/move-to-a-safedir script I just ran over the weekend - true?
(re: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2692)

Downloading and installing this new kernel, I now have the bluetooth and the other offending modules in the /lib/modules area. So I assume I now need to run the script again? (actually I did anyway on a test box and it moved bluetooth.ko, sctp.ko, pppoe.ko, and pppox.ko to the safedir.)

Thanks!
- Larry

-------- Original Message --------
Subject: Security ERRATA Important: kernel on SL4.x i386/x86_64
Date: Tue, 18 Aug 2009 16:53:33 -0500
From: Troy Dawson <[email protected]>
To: [email protected] <[email protected]>

Synopsis: Important: kernel security and bug fix update
Issue date: 2009-08-13
CVE Names: CVE-2009-1389 CVE-2009-1439 CVE-2009-1633

CVE-2009-1439 kernel: cifs: memory overwrite when saving nativeFileSystem field during mount

CVE-2009-1633 kernel: cifs: fix potential buffer overruns when converting unicode strings sent by server

CVE-2009-1389 kernel: r8169: fix crash when large packets are received

[snip...]
-------- End Original Message --------

--
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab | High Energy Physics Group
1110 W. Green St., Urbana, IL | Physics Dept., Univ. of Ill.
MailTo:[email protected] | http://www.roadkill.com/lnelson/
-------------------------------------------------------------------
"Information without accountability is just noise." - P.L. Nelson
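
The message above describes a kernel update putting the moved modules back under /lib/modules. The following is an added example, not part of the original message and not the move-to-a-safedir script it refers to: a read-only check that reports which kernel trees still contain the four module files the message names. The function names, the sample directory names and the module paths inside the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: a read-only audit. It moves and deletes nothing.
# The four file names are the modules listed in the message above.

# list_offending_modules ROOT
# Print every listed module file under ROOT as a path relative to ROOT,
# so the first path component is the kernel version directory.
list_offending_modules() {
    root=${1%/}
    find "$root" -type f \( -name bluetooth.ko -o -name sctp.ko \
        -o -name pppoe.ko -o -name pppox.ko \) 2>/dev/null |
    while IFS= read -r path; do
        printf '%s\n' "${path#"$root"/}"
    done | sort
}

# kernels_needing_mitigation ROOT
# Print one line per kernel version that still has any listed module.
kernels_needing_mitigation() {
    list_offending_modules "$1" | cut -d/ -f1 | sort -u
}

# Constructed sample tree (directory names are made up for the demo):
# one kernel already cleaned, one freshly installed with modules back.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    new="$t/2.6.9-89.0.7.EL/kernel"
    mkdir -p "$t/older-kernel-placeholder/kernel/net/ipv4" \
        "$new/net/bluetooth" "$new/net/sctp" "$new/drivers/net"
    : > "$t/older-kernel-placeholder/kernel/net/ipv4/ipip.ko"
    : > "$new/net/bluetooth/bluetooth.ko"
    : > "$new/net/sctp/sctp.ko"
    : > "$new/drivers/net/pppoe.ko"
    : > "$new/drivers/net/pppox.ko"
    printf '%s\n' "$t"
}

# Demo on the constructed tree; pass /lib/modules to audit a real host.
tree=$(make_sample_tree)
echo "Kernel trees that still contain the modules:"
kernels_needing_mitigation "$tree"
rm -rf "$tree"
```

Running kernels_needing_mitigation /lib/modules after each kernel install shows whether the mitigation has to be applied again; empty output means none of the four files is present in any tree.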
