[Security] Kernel bug allows change of group id of files

[N.B.]

Read the advisory from RedHat here:
http://www.suse.de/de/security/2004_20_kernel.html

SuSE´s here:
http://rhn.redhat.com/errata/RHSA-2004-354.html

Patches will prolly come soon on www.kernel.org as well


so long ...

 

[serjer]

cheer 4 info bro

 

[scarecrow]

Thank you- although the links are put in reverse order...
The bug seems to affect both 2.4.X and 2.6.X kernels.
SuSE has already issued patched kernels, and unofficial Mandrake ones too
( http://mandrake.contactel.cz/people/svetljo/mandrake/kernel )
Those Mandrake kernels are sds - prepatched (= quasi experimental), so might not appeal to anyone... the last issued one on every category includes the vulnerability patch.
Personally I prefer to build my own kernels (currently for Mandrake 10.0 and Slackware 9.0), and I will patch all of them as soon as the official patch appears on kernel.org

 

[N.B.]

Oha, mixed up the links :>

Yeah, this is not that bad if you don´t run a multi user enviroment ...