Date: Wed, 19 Aug 2009 13:25:53 +0200
On Wed, 2009-08-19 at 11:17 +0100, Dr Andrew C Aitchison wrote:
> >> Has anyone with a TAM with RedHat reported this to them yet?
> > You mean
> >> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2692, right?
>
> Is there anyone here with access to the "depends upon bugs"
> 516950 516951 516952 516953 516954 516955 517444 517445
> who can tell us what is taking Red Hat so long?
Good question. Let's hope they'll come up with something better than
just the one line fix from upstream. Like enforcing vm.mmap_min_addr for
nonzero UIDs before SELinux doesn't.
> I'm very tempted to waste time and roll my own
> 2.6.18-128.4.1.el5+CVE.2009.2692 just for my own peace of mind,
We did this, and are rolling it out. No problems yet. Yes, it may be a
waste of time. But then imagine they decide to defer the fix to the
dot-0 kernel coming with 5.4...
> but I see that they have submitted *three* updates for Fedora 11*
> so they may be having problems ...
>
> * kernel-2.6.29.6-217.2.7.fc11
I think this is the only one released yet.
> kernel-2.6.30.5-28.rc2.fc11
> and kernel-2.6.30.5-32.fc11
Rebase to 2.6.30 causing other problems?
> [ If I were paying for support from Red Hat I would take a
> one month holiday at the end of my current contract as a protest
> at the delay, unless I knew what was going on.
> ]
Really not into TUV bashing, but: If you were paying for support, you'd
receive a very polite response with pointers to BZ #516949 and KB #18065
when asking for the ETA for a true solution. You'd also learn that this
is a severity 3 (medium) issue.
--
Stephan Wiesand
DESY - DV -
Platanenallee 6
15738 Zeuthen, Germany