recent kernel upgrades.. security.

jason andrade jason at rtfmconsult.com
Tue Mar 18 20:41:00 CST 2003


Hi,

I'd strongly recommend that people out there using Red Hat Linux with
multi user access systems consider upgrading to the latest RH kernel as
there appears to be an exploit being circulated that takes advantage of the
newest security hole to be discovered..

It is specifically vulnerable to people with local (account/shell/process)
access to the machine and is not a remote exploit.

Of course this should also have the 'fixed' tg3 code from jeff garzik
(released in -26) so if you are upgrading please be aware that you
will not have the bcm5700 module available anymore and will need to
modify your modules.conf appropriately.


Currently this appears to be fixed by (find your closest RH mirror)

http://www.redhat.com/mirrors/

2.4.18-27.7.x (Red Hat 7.1/7.2/7.3)
2.4.18-27-8.x (Red Hat 8.0)

I have not seen whether the Red Hat 2.1 AS/AW kernels are vulnerable
to this so it'd be good if someone from Red Hat could clarify this..


Generic Kernels

2.4.21preX - i have not seen a 2.4.21pre6 patch released yet.
2.2.25

see:   http://www.spinics.net/lists/kernel/msg162986.html


I have not seen any updates from Mandrake, SuSE or Slackware yet
so if you are running on any of those platforms you will probably
want to contact them directly or wait for a few days to see if
they are announcing/releasing updates.


regards,

-jason




More information about the Linux-PowerEdge mailing list