LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

November 2009

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS November 2009

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: whats this new exploit then? (2009/11/03)
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Wed, 4 Nov 2009 11:42:43 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (70 lines)

Stephan Wiesand wrote:
> Hi Troy,
> 
> On Nov 4, 2009, at 16:24, Troy Dawson wrote:
> 
>> Recent RHEL releases?
>> No, not recent ... all
> 
> right. But for SL4 with the latest kernel (-98.0.15), it's just DOS  
> *if* vm.mmap_min_addr is set to, say, 4096. Which, unfortunately, is  
> not the default. SL5 with SELinux *dis*abled is safe as well, but if  
> SELinux is enforcing or permissive it's not, and nor is SL3.
> 
> If you have trouble getting all those kernels & modules & dependencies  
> out today, could your try to do SL5 first, then SL3, and then SL4?
> 

Well, the building isn't the hard part, that's all done now for all of 
them, and I believe I'll be able to get SL3 and SL4 out today.

SL5 is going to go into testing today, with the expectation that it will 
go into the main update on monday.

Why wait that long?
We're updating openafs to version 1.4.11 with this kernel change.
We're using RedHat's Fuse with this kernel change
For x86_64 we're using RedHat's XFS with this kernel change
We're replacing madwifi with the proper atheros driver, with this kernel 
change. (maybe)
We're replacing ipw3945 with iwlwifi-3945 with this kernel change. (maybe)

For the maybies (madwifi and ipw3945), I'm not sure the infrastructure 
is in place on the older SL 5 releases.  So we might just keep providing 
those kernel-modules, which will probrubly be the easy way to do things.

I might be able to be persuaded to move the time frame up, but it 
definitely is going into testing today, and will be there at least one 
day, no shorter.

Troy

> Thanks,
> 	Stephan
> 
>> We already have the kernels all built, and are working on the  
>> dependencies.
>>
>> Troy
>>
>> Faye Gibbins wrote:
>>> Hi,
>>>  Any comment from the SL5 distro  maintainers on this exploit  
>>> apparently in recent RHEL releases?
>>> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
>>> Faye
>>
>> -- 
>> __________________________________________________
>> Troy Dawson  [log in to unmask]  (630)840-6468
>> Fermilab  ComputingDivision/LSCS/CSI/USS Group
>> __________________________________________________
> 

-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LSCS/CSI/USS Group
__________________________________________________

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV