Posted by Beat Rubischon on Thursday December 16, @01:02PM
| Two Linux kernel problems
from the bad-news-from-poland dept.
Paul Starzetz discovered two problems in the Linux Kernel. Both of them affects multicast enabled kernels. Our servers will be rebootet on Saturday, December 18. between 10:00 and 12:00 and the workstations between 12:00 and 15:00.
Update: Sat 11:30 Servers are OK.
You will find more information on Paul's website: Linux kernel IGMP vulnerabilities and Linux kernel scm_send local DoS. Patches to the recent kernels are already written: For 2.4
and for 2.6
The BitKeeper archive of 2.6 contains a lot more security relevant stuff and you should consider this kernel as highly experimental. Older kernels seems not to be affected.
Multicasting is used in ETHZ for IPTV and so enabled on all of our managed workstations.
The binary kernels of the distributions are not yet fixed - with the exception of Ubuntu. Please follow the securitylists of your distribution in case you are not building your kernels yourself.