Am 17.09.2010 17:39, schrieb Moritz Rudert: > Hi everybody, > unfortunately today a new root exploit appeared. > > Look at: http://sota.gen.nz/compat2/ > > After some tests I can say: It works on Archlinux and Ubuntu, but not on > debian. > > The "bugfix" found on http://seclists.org/fulldisclosure/2010/Sep/273 > does not work on Arch and Ubuntu. There's actually two holes with two exploits. This workaround is for the 'compat1' exploit - which doesn't work on Arch, unlike compat2, which works. If I understand this right, the following three patches fix the problems: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=36d001c70d8a0144ac1d038f6876c484849a74de http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff&h=c41d68a513c71e35a14f66d71782d27a79a81ea6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=eefdca043e8391dcd719711716492063030b55ac I am building a new 64 Bit kernel26 right now, but I don't know when I can push this to the repositories, hopefully some time tonight.
Attachment:
signature.asc
Description: OpenPGP digital signature
