Re: Kernel update status



On Fri, 17 Sep 2010 23:31:09 +0200 Sylvain Beucler wrote:

> On Fri, Sep 17, 2010 at 11:08:39PM +0200, Norbert Tretkowski wrote:
> > Am Freitag, den 17.09.2010, 22:37 +0200 schrieb Sylvain Beucler:
> > > The 2.6.32 kernel in bpo is affected by CVE-2010-3301:
> > > http://sota.gen.nz/compat2/
> > > (with escalation to root privs)
> > > 
> > > I suppose that people are working on fixing this, for squeeze and then
> > > for bpo - is there a status / ETA?
> > 
> > The package for lenny-backports gets updated as soon as there is an
> > update for unstable available.
> 
> Thanks.  I'm interested in an estimation of the time this will take,
> which will help me decide whether I should just work-around the
> problem (shutdown / disable 32-bit...) until the update, or if I
> should patch it myself, or look for some unofficial update.

The fixes are already committed to the kernel svn and pending for
2.6.32-23.  I however don't know when that will be uploaded.  You could
get the kernel sources from their git tree and compile it on your own.

There is also a workaround for CVE-2010-3081 [0].  Note that you have
to run that after every boot.

Best wishes,
Mike

[0] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3081

