On Thu, Nov 5, 2009 at 11:50 AM, Jeffrey 'jf' Lim <[email protected]> wrote:
> On Thu, Nov 5, 2009 at 11:35 AM, Luther Goh Lu Feng <[email protected]> wrote:
>>
>> I would like to ask if anyone can enlighten me if the below mentioned bug
>> is affecting centos.
>>
>> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
>>
>
Damn, it seems to me The Register gets it all wrong... as often. First, the bug mentioned is no different from this one (Julien Tinnes even mentions Bradley Spengler on his blog (2nd link)):

http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html
http://lwn.net/Articles/347006/

Unless I get it wrong, it seems to me that it has been patched on most distros already! I think The Register tries to make a big deal of Spengler's complaints!

What The Register gets wrong:

"The latest bug is mitigated by default on most Linux distributions, thanks to their correct implementation of the mmap_min_addr feature. But to make RHEL compatible with a larger body of applications, that distribution is vulnerable to attack even when the OS shows the feature is enabled, Spengler said."

Should be more like (because RHEL is not the only one affected):

"The latest bug is mitigated by default on most Linux distributions, thanks to their correct implementation of the mmap_min_addr feature. But some applications like wine, dosemu, or others need that feature disabled to run."

In the Debian wiki, for example, they write:
http://wiki.debian.org/mmap_min_addr

Hope the above helps you, if you're not running any wine or dosemu or others.

Cheers,
Sylvain
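An added example, not part of the original message: a small audit for the mmap_min_addr setting discussed above, reporting both the running value and any sysctl configuration file that would set it at boot (for instance a file dropped in to let wine or dosemu run). The function names are hypothetical, and the paths in the usage comment are the usual procps locations, assumed rather than taken from the thread.

```shell
#!/bin/sh
# Added example: audit vm.mmap_min_addr (runtime value and persistent config).
# A value of 0 means the low-address mapping restriction is switched off.

# Classify one value: "disabled" (0), "enabled" (any other number), "unknown".
classify_mmap_min_addr() {
    case "$1" in
        ''|*[!0-9]*) echo unknown ;;
        0)           echo disabled ;;
        *)           echo enabled ;;
    esac
}

# Print "file:value" for each active (uncommented) vm.mmap_min_addr line.
# Accepts both "vm.mmap_min_addr" and "vm/mmap_min_addr" spellings.
scan_sysctl_conf() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        sed -n 's/^[[:space:]]*vm[./]mmap_min_addr[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$f" |
        while read -r v; do
            printf '%s:%s\n' "$f" "$v"
        done
    done
}

# $1 = file holding the running value, remaining args = sysctl config files.
audit_mmap_min_addr() {
    runtime_file=$1
    shift
    runtime=$(cat "$runtime_file" 2>/dev/null) || runtime=''
    echo "runtime: $(classify_mmap_min_addr "$runtime") (${runtime:-unreadable})"
    scan_sysctl_conf "$@" | while IFS=: read -r f v; do
        echo "persistent: $f sets $(classify_mmap_min_addr "$v") ($v)"
    done
}

# Typical invocation on a live system (paths are assumptions):
# audit_mmap_min_addr /proc/sys/vm/mmap_min_addr /etc/sysctl.conf /etc/sysctl.d/*.conf
```

A "persistent ... disabled (0)" line next to "runtime: enabled" means the protection will be gone after the next reboot or sysctl reload.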
