From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1G1V13-00062E-VT for garchives@archives.gentoo.org; Fri, 14 Jul 2006 21:16:06 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.7/8.13.6) with SMTP id k6ELDYU7024376; Fri, 14 Jul 2006 21:13:34 GMT Received: from srvexch-01.mcaschool.local (srvexch-01.mcaschool.local [24.239.210.32] (may be forged)) by robin.gentoo.org (8.13.7/8.13.6) with ESMTP id k6EL2ouZ029503 for ; Fri, 14 Jul 2006 21:02:51 GMT Content-class: urn:content-classes:message Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-MimeOLE: Produced By Microsoft Exchange V6.5 Subject: [gentoo-user] Linux Kernel Warning Date: Fri, 14 Jul 2006 17:01:38 -0400 Message-ID: <17CD9CE4C0FA574A8B29EF02D49B385D0F5646@srvexch-01.mcaschool.local> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Linux Kernel Warning Thread-Index: AcancutDr6kH9V+pSIy/QzDfZ8KXxQAFRk7A From: "Timothy A. Holmes" To: Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by robin.gentoo.org id k6EL2ouZ029503 X-Archives-Salt: 3063ac1a-c831-4b77-9aa3-fb298ac4cb07 X-Archives-Hash: 27f9ecfc10e260a8f72c4c26d5d6c1ec Hi Folks: I received the following warning from SANS yesterday, and I need to know how to appropriately respond: http://www.isc.sans.org/diary.php?storyid=1482 To summarize the story at the above link, there appears to be a vulnerability in the linux kernel, which when exploited, will allow a user to gain root privileges. Normally, I would simply upgrade to the latest kernel from portage, and be done with it, however, here is the problem: QUOTING SANS HERE: "As all kernels 2.6.13 up to version 2.6.17.4 and 2.6.16 before 2.6.16.24 are affected, you should patch as soon as possible, even if you don't allow any local users on your machines." As of this morning, the latest Kernel version in portage is 2.6.16-r12. It seems that there is a different versioning / naming scheme used but im not sure. Can someone please let me know how to respond, or point me to appropriate reading so I can protect myself. Thanks TIM Timothy A. Holmes IT Manager / Network Admin / Web Master / Computer Teacher Medina Christian Academy A Higher Standard... -- gentoo-user@gentoo.org mailing list