from the it's-been-a-hard-day's-night-ehm-weekend dept.
Although there was a local root exploit fixed recently in some versions of the Linux 2.6 Kernel which resulted in Kernel 220.127.116.11, on Friday night another local root exploit using a race condition in the /proc file system (CVE-2006-3626) became public, this time concerning all previous 2.6 kernels. So on Saturday morning Kernel 18.104.22.168 has been released, which fixed this vulnerability. Then the developers noticed that the fix was "a bit to draconic" which means that in some cases it prevented to much, and released 22.214.171.124 on Sunday.
So if you run a computer using a Linux 2.6 Kernel less than 126.96.36.199, please update as soon as possible to 188.8.131.52. If you have already updated to Kernel 184.108.40.206 this weekend and it works for you, it's fine, too.
As with the update to Kernel 220.127.116.11, workstations with Kernel 2.6 which are managed by us have been updated already.
Update: If you experience trouble with ps not showing all processes as user, you found the difference between Kernel 18.104.22.168 and 22.214.171.124 and should probably upgrade.
< | >