Hi, As most of you probably already know, a local root exploit was released yesterday which affects kernels from 2.6.17 to 2.6.24.1. Is there an official patch for dom0 and domU kernels, or can the backport of the official kernel patch be used on these kernels? Regards, Zoltan HERPAI _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Zoltan HERPAI schrieb:> Hi, > > As most of you probably already know, a local root exploit was released > yesterday which affects kernels from 2.6.17 to 2.6.24.1. Is there an > official patch for dom0 and domU kernels, or can the backport of the > official kernel patch be used on these kernels?Hi, thanks for reminding this exploit, as far as I can see, there''s no kernel patch at all available. The GIT Repository also shows no real solution. Do you have any suggestions on how to fix this issue _now_ ? cheers Stephan> Regards, > Zoltan HERPAI > > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users-- Stephan Seitz Senior System Administrator *netz-haut* e.K. multimediale kommunikation zweierweg 22 97074 würzburg fon: +49 931 2876247 fax: +49 931 2876248 web: www.netz-haut.de <http://www.netz-haut.de/> registriergericht: amtsgericht würzburg, hra 5054 _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Stephan Seitz wrote:> Zoltan HERPAI schrieb: >> Hi, >> >> As most of you probably already know, a local root exploit was >> released yesterday which affects kernels from 2.6.17 to 2.6.24.1. Is >> there an official patch for dom0 and domU kernels, or can the >> backport of the official kernel patch be used on these kernels? > > Hi, thanks for reminding this exploit, as far as I can see, there''s no > kernel patch at all available. The GIT Repository also shows no real > solution. > Do you have any suggestions on how to fix this issue _now_ ?Hi, For kernels around 2.6.22, backporting of the 2.6.24.1->2.6.24.2 diff will work, so this could be used for people who use 2.6.23.x and up for domU. For kernels around 2.6.18 or for which the official fix does not apply, I was told short ago that a "return -ENOSYS;" in fs/splice.c sys_vmsplice() might work as "nothing uses it", but I have yet to check it on my boxes. Regards, Zoltan HERPAI _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi; 11 Şub 2008 Pts tarihinde, Zoltan HERPAI şunları yazmıştı:> As most of you probably already know, a local root exploit was released > yesterday which affects kernels from 2.6.17 to 2.6.24.1. Is there an > official patch for dom0 and domU kernels, or can the backport of the > official kernel patch be used on these kernels? > > Regards, > Zoltan HERPAIfor 2.6.18 based kernels [1] is enough [1] http://svn.pardus.org.tr/pardus/devel/kernel-xen/dom0/kernel-dom0/files/CVE/CVE-2008-0600.patch Cheers -- S.Çağlar Onur <caglar@pardus.org.tr> http://cekirdek.pardus.org.tr/~caglar/ Linux is like living in a teepee. No Windows, no Gates and an Apache in house! _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi, i would say it depends on your distribution... SuSE released an Update see: http://support.novell.com/techcenter/psdb/e1a28e357307ceda78d1b761f138dfcb.html and i think RedHat will do the same :-) Mit freundlichen Grüßen / with kind regards Gerhard Possler IT Architect IBM Enterprise Linux Services ELS Wiki@IBM (only accessible via IBM intranet) IT-Services and Solutions GmbH Rathausstr. 7, D-09111 Chemnitz Geschäftsführung: Rainer Laier, Michael Mai Sitz der Gesellschaft: Chemnitz Registergericht: Amtsgericht Chemnitz, HRB 18409 http://www.itsas.de/ gerhard.possler@de.ibm.com Mobil +49 (0) 160 90578637 "S.Çağlar Onur" <caglar@pardus.org.tr> Sent by: xen-users-bounces@lists.xensource.com 11.02.2008 12:33 Please respond to caglar@pardus.org.tr To xen-users@lists.xensource.com cc Subject Re: [Xen-users] patch for kernel exploit? Hi; 11 Şub 2008 Pts tarihinde, Zoltan HERPAI şunları yazmıştı:> As most of you probably already know, a local root exploit was released > yesterday which affects kernels from 2.6.17 to 2.6.24.1. Is there an > official patch for dom0 and domU kernels, or can the backport of the > official kernel patch be used on these kernels? > > Regards, > Zoltan HERPAIfor 2.6.18 based kernels [1] is enough [1] http://svn.pardus.org.tr/pardus/devel/kernel-xen/dom0/kernel-dom0/files/CVE/CVE-2008-0600.patch Cheers -- S.Çağlar Onur <caglar@pardus.org.tr> http://cekirdek.pardus.org.tr/~caglar/ Linux is like living in a teepee. No Windows, no Gates and an Apache in house! _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users