what kernel will be on the yum system patched for CVE-2009-2692

[marko]

Where can I see the log or notice about which upcoming kernel will include the
permission escalation patch? I just noticed 2.6.29.6-217.2.7.fc11 went out, is that it?

[aleph]

http://koji.fedoraproject.org/koji/b...buildID=127529

Quote:

* Sat Aug 15 2009 Kyle McMartin <kyle@redhat.com> 2.6.29.6-217.2.8
- CVE-2009-2767: Fix clock_nanosleep NULL ptr deref.
* Fri Aug 14 2009 Kyle McMartin <kyle@redhat.com> 2.6.29.6-217.2.7
- CVE-2009-2692: Fix sock sendpage NULL ptr deref.

[marko]

Yeah, but I can't use the koji kernel, I mean what kernel is planned in the official yum repositories
to have the CVE-2009-2692 fix. I have to use our companies local mirror of the official yum repos and we're not supposed to go out to unofficial ones like koji.

[SlowJet]

Quote:

Originally Posted by marko

Yeah, but I can't use the koji kernel, I mean what kernel is planned in the official yum repositories
to have the CVE-2009-2692 fix. I have to use our companies local mirror of the official yum repos and we're not supposed to go out to unofficial ones like koji.

When is comes out on the updates-testing report, you can see the version.
When it is pushed to updates, your company can sync the mirror and get it.
If they are not sync'ing but testing them first, recommended, then it will take more time.
Then you can get it.

But this is a very important set of fixes so maybe an e-mail to your company iT would "get the lead out".
As they should have been tested and install by now.

Why there has not been a kernel in updates-testing report for so long is very strange?
I think, the Fedora G/A are viewed by Fedora dev's as yesterday's vomit
and they are only focused on rawhid and moreover, the schedule.

Furthermore, why is your company using Fedora as if it were some stable production system?
It needs the updates as soon as possible just to fix bugs.

So as they say, "I sounds like a personal problem (from ignorance in your IT dept..)" to me.

Lastly, what's stopping you from doing the right thing and just downloading the rpm's from koji, and rpm -Uvi. Nothing I see but you chooing to wait on IT lead pants.

SJ

[SlowJet]

They pushed the .7 to updates on the 15th.
.9 is in koji

SJ

[marko]

Quote:

Originally Posted by SlowJet

But this is a very important set of fixes so maybe an e-mail to your company iT would "get the lead out".
As they should have been tested and install by now.

Furthermore, why is your company using Fedora as if it were some stable production system?
It needs the updates as soon as possible just to fix bugs.

So as they say, "I sounds like a personal problem (from ignorance in your IT dept..)" to me.

Lastly, what's stopping you from doing the right thing and just downloading the rpm's from koji, and rpm -Uvi. Nothing I see but you chooing to wait on IT lead pants.
SJ

No, I'm using Fedora as my choice and in the usage I'm using it (scientific and R/D development) it's the best platform, it's not a production platform for anything but
my personally research and development machine. Lots of others around here do the same thing. The IT people mostly tend towards encouraging Centos, SUSE, or Ubuntu for Linux.


Our IT has local mirror repositories for Ubuntu, Centos, and SUSE on top of Fedora. The policy is not to have individual users pointing to various repositories but have them use a central internal mirror for the obvious bandwidth and security benefits (3000+ employees here). I haven't seen an actual statement that installing unsigned kernel packages like Koji's aren't allowed but I'm sure they'd prefer it not be done.

[marko]

Actually looks like multiple (2) kernels on F11 to cover both .29 and .30 :
Fedora 11: kernel-2.6.29.6-217.2.7.fc11 and kernel-2.6.30.5-28.rc2.fc11
Fedora 10: kernel-2.6.27.29-170.2.79.fc10

REF:

https://bugzilla.redhat.com/show_bug.cgi?id=516949#c16
https://bugzilla.redhat.com/show_bug.cgi?id=516949#c17
https://bugzilla.redhat.com/show_bug.cgi?id=516949#c19

[SlowJet]

$ uname -a
Linux 2.6.30.5-32.fc11.i686.PAE #1 SMP Mon Aug 17 16:35:03 EDT 2009 i686 i686 i386 GNU/Linux

I've been running it for 5 days.
It is in updates-testing as of last push on the 20th.

SJ