RE: [gentoo-user] Linux Kernel Warning

2006-07-15 Thread Timothy A. Holmes
-Original Message- From: Daniel Drake [mailto:[EMAIL PROTECTED] Sent: Friday, July 14, 2006 6:59 PM To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Linux Kernel Warning Daniel Drake wrote: However, there is a new security bug in the wild, with similar implications

[gentoo-user] Linux Kernel Warning

2006-07-14 Thread Timothy A. Holmes
Hi Folks: I received the following warning from SANS yesterday, and I need to know how to appropriately respond: http://www.isc.sans.org/diary.php?storyid=1482 To summarize the story at the above link, there appears to be a vulnerability in the linux kernel, which when exploited, will allow a

Re: [gentoo-user] Linux Kernel Warning

2006-07-14 Thread Richard Fish
On 7/14/06, Timothy A. Holmes [EMAIL PROTECTED] wrote: As of this morning, the latest Kernel version in portage is 2.6.16-r12. Using gentoo-sources? Check /usr/portage/sys-kernel/gentoo-sources/ChangeLog: *gentoo-sources-2.6.16-r12 (06 Jul 2006) 06 Jul 2006; Daniel Drake [EMAIL PROTECTED]

Re: [gentoo-user] Linux Kernel Warning

2006-07-14 Thread Raymond Lewis Rebbeck
On Saturday, 15 July 2006 6:31, Timothy A. Holmes wrote: Hi Folks: I received the following warning from SANS yesterday, and I need to know how to appropriately respond: http://www.isc.sans.org/diary.php?storyid=1482 To summarize the story at the above link, there appears to be a

Re: [gentoo-user] Linux Kernel Warning

2006-07-14 Thread Donnie Berkholz
Timothy A. Holmes wrote: As of this morning, the latest Kernel version in portage is 2.6.16-r12. It seems that there is a different versioning / naming scheme used but im not sure. Can someone please let me know how to respond, or point me to appropriate reading so I can protect myself.

Re: [gentoo-user] Linux Kernel Warning

2006-07-14 Thread Daniel Drake
Timothy A. Holmes wrote: As of this morning, the latest Kernel version in portage is 2.6.16-r12. It seems that there is a different versioning / naming scheme used but im not sure. Can someone please let me know how to respond, or point me to appropriate reading so I can protect myself.

Re: [gentoo-user] Linux Kernel Warning

2006-07-14 Thread Ow Mun Heng
On Fri, 2006-07-14 at 14:24 -0700, Donnie Berkholz wrote: There's also the workaround mentioned in the SANS message if you don't feel comfortable with patching, as long as you don't need to use core dumps as non-root. Besides that, there's also the fact that if you don't have local users,

Re: [gentoo-user] Linux Kernel Warning

2006-07-14 Thread Daniel Drake
Daniel Drake wrote: However, there is a new security bug in the wild, with similar implications. Keep an eye open for new kernel releases over the next few hours. No patch yet, suitable workaround is: # mount -o remount,noexec /proc Daniel -- gentoo-user@gentoo.org mailing list