Results 1 to 7 of 7

Thread: Linux Kernel Patch - is it in openSUSE's updater yet?

  1. #1

    Default Linux Kernel Patch - is it in openSUSE's updater yet?


  2. #2
    Camalen NNTP User

    Default Re: Linux Kernel Patch - is it in openSUSE's updater yet?

    6tr6tr wrote:

    > Is this issue fixed via openSUSE's updater?
    > 'cr0 blog: Linux NULL pointer dereference due to incorrect proto_ops
    > initializations (CVE-2009-2692)' (http://tinyurl.com/qvxu33)


    I think not yet.

    Greetings,

    --
    Camalen

  3. #3
    Join Date
    Oct 2008
    Location
    Birmingham. AL
    Posts
    858

    Default Re: Linux Kernel Patch - is it in openSUSE's updater yet?

    Do note that this particular vulnerability would only matter on multi-user systems. Unless you plan to attack yourself (generally a losing proposition), it shouldn't keep you awake at night.



    NEOHAPSIS - Peace of Mind Through Integrity and Insight

    Yes, you should apply the patch when it becomes available, but unless you use the IPX protocol and have a machine that's exposed to many other people (some of whom are hackers), I wouldn't lose a lot of sleep over it.

    Of course, other common-sense security measures apply -- don't download and execute anything from a non-trusted site. But that's always true.

    -- Stephen

  4. #4

    Default Re: Linux Kernel Patch - is it in openSUSE's updater yet?

    Quote Originally Posted by smpoole7 View Post
    Do note that this particular vulnerability would only matter on multi-user systems. Unless you plan to attack yourself (generally a losing proposition), it shouldn't keep you awake at night.



    NEOHAPSIS - Peace of Mind Through Integrity and Insight

    Yes, you should apply the patch when it becomes available, but unless you use the IPX protocol and have a machine that's exposed to many other people (some of whom are hackers), I wouldn't lose a lot of sleep over it.

    Of course, other common-sense security measures apply -- don't download and execute anything from a non-trusted site. But that's always true.

    -- Stephen
    While I am the only one using this computer and I don't use IPX, are you sure that really means it's not vulnerable? I mean, my computer is connected to the internet so that means hackers CAN find it.

  5. #5
    Join Date
    Dec 2008
    Location
    Sydney, Australia
    Posts
    1,021

    Default Re: Linux Kernel Patch - is it in openSUSE's updater yet?

    Why would they bother?
    Günter

    Desk: Tumbleweed, KDE 5, AMD Ryzen 5 3400G, 16Gb, 120Gb SSD, 2 SATA.
    Lap: Thinkpad T430, Tumbleweed, Intel i5, 8Gb, SSD.

  6. #6
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    32,336
    Blog Entries
    15

    Default Re: Linux Kernel Patch - is it in openSUSE's updater yet?

    Quote Originally Posted by 6tr6tr
    smpoole7;2026003 Wrote:
    <snip>
    While I am the only one using this computer and I don't use IPX, are
    you sure that really means it's not vulnerable? I mean, my computer is
    connected to the internet so that means hackers CAN find it.
    Hi
    Are you using the ethernet interface to connect to the internet, or
    going through a router. If it's a router then that's whats 'seen' on the
    internet, assuming you haven't opened up ports and forwarding them.
    Even then it's only those ports and services.

    If your really concerned, get a shell account at somewhere like
    http://www.rootshell.be/ and run nmap against your external ip address.

    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.25-0.1-default
    up 9 days 18:17, 2 users, load average: 2.03, 2.20, 2.15
    GPU GeForce 8600 GTS Silent - Driver Version: 190.18


  7. #7
    Join Date
    Jun 2008
    Location
    Kansas City Area, Missouri, USA
    Posts
    7,236

    Default Re: Linux Kernel Patch - is it in openSUSE's updater yet?

    6tr6tr wrote:
    >
    > While I am the only one using this computer and I don't use IPX, are
    > you sure that really means it's not vulnerable? I mean, my computer is
    > connected to the internet so that means hackers CAN find it.


    To ease your mind, exploiting that vulnerability requires mapping
    address 0. In a standard openSUSE system, that address is not mapped,
    otherwise I wouldn't get the NULL pointer dumps when drivers that I am
    testing have bugs. To map that address would require special code that
    is unlikely to be introduced through a web browser. Only if you
    downloaded and ran a Trojan program would such mapping be accomplished.

    Ironically, the main way that this bug can be exploited is when
    SELinux maps address 0.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •