Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw
On Wed, Nov 4, 2009 at 9:15 AM, Dominic Hargreaves <dom@earth.li> wrote:
> On Wed, Nov 04, 2009 at 09:05:20AM -0800, john wrote:
>> I see that there is another null pointer dereference flaw being talked about.
>> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
>>
>> It looks like we can take step in Debian 5.0 to mitigate this threat by setting
>> echvm.mmap_min_addr = 4096
>>
>> per http://wiki.debian.org/mmap_min_addr
>>
>> I am running some servers running Debian 4.0. I doesn't look like
>> there is a /etc/sysctl.d/mmap_min_addr.conf to edit. Where are these
>> values stored
>> under Debian 4.0.
>>
>> What is the right way to proceed? Should I be looking at upgrading my servers?
>
> The mmap_min_addr tuneabout was not introduced until after 2.6.18,
> which is the default etch kernel. I am using the 'etchnhalf' kernel
> (linux-image-2.6.24-etchnhalf*) on an etch machine, partly since it
> offers this protection.
>
Thanks Dominic,
So would
sudo apt-get install linux-image-2.6.24-etchnhalf.1-686
be the right approach here?
John
> --
> Dominic Hargreaves | http://www.larted.org.uk/~dom/
> PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
>
Reply to: