from the reboot dept.
Last weekend two local root exploits have been released to the public, one that affects 2.6.23 up to 126.96.36.199 and 2.6.24 (CVE-2008-0009, CVE-2008-0010) and one that affects all versions beginning with 2.6.17 and up to 188.8.131.52, 184.108.40.206, and 220.127.116.11 (CVE-2008-0600). There are new kernel releases available which fix these issues: 18.104.22.168, 22.214.171.124, and 126.96.36.199.
About half of our managed Linux workstations are already running a patched 188.8.131.52 kernel, the rest will be rebooted this evening after 10:00pm. Please logout this evening before you go home, save all unsafed work and don't start any long running jobs. To see if your workstation is still affected, check our Big Brother: All workstations where the updates column ("upd") is yellow are not yet rebooted. You may also reboot your workstation yourself earlier.
A nice summary about these issues can be found in this blog posting.
< | >