Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 19/20 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 17th August 2009, 04:49 PM
marko Offline
Registered User
 
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 6,097
linuxfedorafirefox
what kernel will be on the yum system patched for CVE-2009-2692

Where can I see the log or notice about which upcoming kernel will include the
permission escalation patch? I just noticed 2.6.29.6-217.2.7.fc11 went out, is that it?
Reply With Quote
  #2  
Old 17th August 2009, 05:04 PM
aleph Offline
Banned (for/from) behaving just like everybody else!
 
Join Date: Jul 2007
Location: Nanjing, China
Posts: 1,332
linuxfedorafirefox
http://koji.fedoraproject.org/koji/b...buildID=127529
Quote:
* Sat Aug 15 2009 Kyle McMartin <kyle@redhat.com> 2.6.29.6-217.2.8
- CVE-2009-2767: Fix clock_nanosleep NULL ptr deref.
* Fri Aug 14 2009 Kyle McMartin <kyle@redhat.com> 2.6.29.6-217.2.7
- CVE-2009-2692: Fix sock sendpage NULL ptr deref.
__________________
Code:
from rlyeh import cthulhu
cthulhu.fhtagn()
Reply With Quote
  #3  
Old 17th August 2009, 07:38 PM
marko Offline
Registered User
 
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 6,097
linuxfedorafirefox
Yeah, but I can't use the koji kernel, I mean what kernel is planned in the official yum repositories
to have the CVE-2009-2692 fix. I have to use our companies local mirror of the official yum repos and we're not supposed to go out to unofficial ones like koji.
Reply With Quote
  #4  
Old 17th August 2009, 08:16 PM
SlowJet Offline
Registered User
 
Join Date: Jan 2005
Posts: 5,048
linuxfedorafirefox
Quote:
Originally Posted by marko View Post
Yeah, but I can't use the koji kernel, I mean what kernel is planned in the official yum repositories
to have the CVE-2009-2692 fix. I have to use our companies local mirror of the official yum repos and we're not supposed to go out to unofficial ones like koji.
When is comes out on the updates-testing report, you can see the version.
When it is pushed to updates, your company can sync the mirror and get it.
If they are not sync'ing but testing them first, recommended, then it will take more time.
Then you can get it.

But this is a very important set of fixes so maybe an e-mail to your company iT would "get the lead out".
As they should have been tested and install by now.

Why there has not been a kernel in updates-testing report for so long is very strange?
I think, the Fedora G/A are viewed by Fedora dev's as yesterday's vomit
and they are only focused on rawhid and moreover, the schedule.

Furthermore, why is your company using Fedora as if it were some stable production system?
It needs the updates as soon as possible just to fix bugs.

So as they say, "I sounds like a personal problem (from ignorance in your IT dept..)" to me.

Lastly, what's stopping you from doing the right thing and just downloading the rpm's from koji, and rpm -Uvi. Nothing I see but you chooing to wait on IT lead pants.

SJ
__________________
Do the Math
Reply With Quote
  #5  
Old 17th August 2009, 10:37 PM
SlowJet Offline
Registered User
 
Join Date: Jan 2005
Posts: 5,048
linuxfedorafirefox
They pushed the .7 to updates on the 15th.
.9 is in koji

SJ
__________________
Do the Math
Reply With Quote
  #6  
Old 17th August 2009, 11:44 PM
marko Offline
Registered User
 
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 6,097
linuxfedorafirefox
Quote:
Originally Posted by SlowJet View Post

But this is a very important set of fixes so maybe an e-mail to your company iT would "get the lead out".
As they should have been tested and install by now.

Furthermore, why is your company using Fedora as if it were some stable production system?
It needs the updates as soon as possible just to fix bugs.

So as they say, "I sounds like a personal problem (from ignorance in your IT dept..)" to me.

Lastly, what's stopping you from doing the right thing and just downloading the rpm's from koji, and rpm -Uvi. Nothing I see but you chooing to wait on IT lead pants.
SJ
No, I'm using Fedora as my choice and in the usage I'm using it (scientific and R/D development) it's the best platform, it's not a production platform for anything but
my personally research and development machine. Lots of others around here do the same thing. The IT people mostly tend towards encouraging Centos, SUSE, or Ubuntu for Linux.


Our IT has local mirror repositories for Ubuntu, Centos, and SUSE on top of Fedora. The policy is not to have individual users pointing to various repositories but have them use a central internal mirror for the obvious bandwidth and security benefits (3000+ employees here). I haven't seen an actual statement that installing unsigned kernel packages like Koji's aren't allowed but I'm sure they'd prefer it not be done.

Last edited by marko; 18th August 2009 at 02:28 AM.
Reply With Quote
  #7  
Old 21st August 2009, 07:19 PM
marko Offline
Registered User
 
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 6,097
linuxfedorafirefox
Fedora 11 getting this patched kernel with 2.6.30.5-32

Actually looks like multiple (2) kernels on F11 to cover both .29 and .30 :
Fedora 11: kernel-2.6.29.6-217.2.7.fc11 and kernel-2.6.30.5-28.rc2.fc11
Fedora 10: kernel-2.6.27.29-170.2.79.fc10

REF:

https://bugzilla.redhat.com/show_bug.cgi?id=516949#c16
https://bugzilla.redhat.com/show_bug.cgi?id=516949#c17
https://bugzilla.redhat.com/show_bug.cgi?id=516949#c19

Last edited by marko; 21st August 2009 at 07:39 PM.
Reply With Quote
  #8  
Old 21st August 2009, 07:29 PM
SlowJet Offline
Registered User
 
Join Date: Jan 2005
Posts: 5,048
linuxfedorafirefox
$ uname -a
Linux 2.6.30.5-32.fc11.i686.PAE #1 SMP Mon Aug 17 16:35:03 EDT 2009 i686 i686 i386 GNU/Linux

I've been running it for 5 days.
It is in updates-testing as of last push on the 20th.

SJ
__________________
Do the Math
Reply With Quote
Reply

Tags
cve, kernel, patched, yum

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
2.6.22.9-91 powernow patched kernel seeker010 Programming & Packaging 0 11th October 2007 05:35 AM
problem running new patched kernel philippjosefric Programming & Packaging 0 10th April 2005 02:42 PM
system hangs after short while with patched 6111 nvidia drivers LinuxNewb Using Fedora 0 25th November 2004 03:43 PM
best practices: keeping system patched phildog Using Fedora 1 28th January 2004 08:48 PM


Current GMT-time: 05:33 (Thursday, 27-11-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Lungo Mare Terracina - Las Medulas Travel Photos - Bar On The Rocks Photos