Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux 2.4.24 Release Fixes Root Vulnerability

Posted by simoniker on from the version-plus-plus dept.

diegocgteleline.es writes "Linux Kernel 2.4.24 has been released and is available on kernel.org. It seems there's a bug in the mremap(2) system call, where a local user can get root privileges.The new version has been released only with the most important bugs fixed - the rest of the changes have been postponed (those changes include the XFS filesystem)."

3 of 436 comments (clear)

  1. Re:Article title misleading... by mbyte · · Score: 5, Informative

    its been in the kernel since the 2.2 days .. the 2.2 series kernel's are also affected.

    read the synopsis: here
  2. RedHat fixed orphaned versions by Kalak · · Score: 5, Informative

    Possibly due to the fact that the last kernel fix was a week ago, or just that the patch is minoor, or because RH is being kind to those of us who still have reasons to run RH 7.3 just yet, but look to RH for a kernel update if you need one for 7.x and 8 which are unsupported in 2004. Thanks RedHat. Saved me a panicked kernel decision. I desperately didn't want to return from a vacation to a timetable jump of a few weeks.

    --
    I am, and always will be, an idiot. Karma: Coma (mostly effected by .hack)
  3. Re:How do you patch? by demi · · Score: 5, Informative

    Okay:

    1. Download patch to /usr/src
    2. cd /usr/src (since that's where you say your linux-2.4.23 is)
    3. bzip2 -dc patch-2.4.24.bz2 | patch -p0
    4. mv linux-2.4.23 linux-2.4.24
    5. cd linux-2.4.24
    6. Now build and install your kernel as you like it, just as you would from the virgin tarball (make depend; make however you make your kernel and modules).

    Hope that helps!

    --
    demi