[Users] New kernel vuln...

Scott Dowdle dowdle at montanalinux.org
Tue Aug 18 11:33:30 EDT 2009


Konstantin (or Kir),

----- "Konstantin Khorenko" <khorenko at openvz.org> wrote:
> just wanted to share the info:
> I checked this issue and found that 2.6.18-128.2.1.el5.028stab064.4
> kernel (latest OVZ) is immune to the exploits on the issue described
> at http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
> Exploits do not work both inside a Container and on a Hardware Node.

That IS good to know.  Thanks for the information.  All of my OpenVZ boxes are running the latest RHEL5 kernel so those are good.

How about the latest RHEL4-based OpenVZ kernel?  Is it vulnerable?  And if so, should we expect an update for that real soon now?  I still have one CentOS4-based box running the latest RHEL4-based kernel (ovzkernel-smp-2.6.9-023stab048.6).

I've heard that one can run a RHEL5 kernel on a RHEL4 host node but I haven't tried it.  The machine in question I'm a little more wary of trying new things with because it is a remote machine I don't have physical access to and I want to avoid excessive downtime... but if there are a lot of RHEL4/CentOS4 host node users running the RHEL5 kernel, I'll consider switching... although the OpenVZ kernel download page (http://wiki.openvz.org/Download/kernel) says the RHEL4 kernel is "Super stable" and the RHEL5 kernel is "Stable". :)

If the RHEL4-based kernel is vulnerable (which I'm not sure about yet) and the RHEL5 kernel isn't then that would be one advantage.  Are there any other advantages to the current RHEL5 kernel vs. the current RHEL4 kernel?

Thanks,
-- 
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]

