[Bug 413656] Re: Local root exploit via CVE-2009-2692 (incorrect proto_ops initializations)
Kees Cook
kees at ubuntu.com
Tue Aug 18 22:31:54 UTC 2009
Correct, the Live CD does not contain an updated kernel for the
personality-via-pulse exploit (CVE-2009-1895), fixed in USN-807-1, which
allowed mmap_min_addr to be bypassed. Ubuntu with Wine installed are
most likely to be single-user systems, which helps reduce the number of
people in real danger from this vulnerability.
This current bug is certainly important, which is why it's not being
ignored. Kernels take a while to build for all releases on all
architectures, and will be completed later today.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1895
--
Local root exploit via CVE-2009-2692 (incorrect proto_ops initializations)
https://bugs.launchpad.net/bugs/413656
You received this bug notification because you are a member of Kernel
Bugs, which is subscribed to linux-source-2.6.15 in ubuntu.
More information about the kernel-bugs
mailing list