Correct, the Live CD does not contain an updated kernel for the personality-via-pulse exploit (CVE-2009-1895), fixed in USN-807-1, which allowed mmap_min_addr to be bypassed. Ubuntu with Wine installed are most likely to be single-user systems, which helps reduce the number of people in real danger from this vulnerability.
This current bug is certainly important, which is why it's not being ignored. Kernels take a while to build for all releases on all architectures, and will be completed later today. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-1895 -- Local root exploit via CVE-2009-2692 (incorrect proto_ops initializations) https://bugs.launchpad.net/bugs/413656 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
