On 09/17/2010 05:48 PM, Thomas Bächler wrote: > Am 17.09.2010 17:39, schrieb Moritz Rudert: >> Hi everybody, >> unfortunately today a new root exploit appeared. >> >> Look at: http://sota.gen.nz/compat2/ >> >> After some tests I can say: It works on Archlinux and Ubuntu, but not on >> debian. >> >> The "bugfix" found on http://seclists.org/fulldisclosure/2010/Sep/273 >> does not work on Arch and Ubuntu. > There's actually two holes with two exploits. This workaround is for the > 'compat1' exploit - which doesn't work on Arch, unlike compat2, which > works. If I understand this right, the following three patches fix the > problems: > > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=36d001c70d8a0144ac1d038f6876c484849a74de > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff&h=c41d68a513c71e35a14f66d71782d27a79a81ea6 > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=eefdca043e8391dcd719711716492063030b55ac > > I am building a new 64 Bit kernel26 right now, but I don't know when I > can push this to the repositories, hopefully some time tonight. > Please also update kernel26-lts. Thanks Moritz <helios> Rudert
