I haven't seen anyone else post about this, so this message is forwarded from the kernel list, about a new kernel vulnerability. The vulnerability is severe as it leads to root authority, but so far only local logins have been demonstrated to have the ability to exploit it. So, for most Fedora users, it means they aren't at risk. I'm running the kernel with the fix, and it is working fine so far. The link explains the risk, it has to do with the interaction between user stacks and kernel stacks, and one gaining access to the other with bad things happening thereafter. Begin forwarded message: Date: Mon, 19 Jun 2017 16:30:28 -0700 From: Laura Abbott <labbott@xxxxxxxxxx> To: Kernel Fedora <kernel@xxxxxxxxxxxxxxxxxxxxxxx> Subject: Stack clash and Fedora Hi, If you haven't seen it, a new kernel vulnerability was announced https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt Updates have been filed in bodhi with the fix https://bodhi.fedoraproject.org/updates/FEDORA-2017-1225995344 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b93e6de389 https://bodhi.fedoraproject.org/updates/FEDORA-2017-79f099cbba Please test and leave karma if this update works for you. This is especially important for F24 which has seen a falloff in karma recently. Thanks, Laura _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
