Stable kernels 2.6.31.6 and 2.6.27.39 released

The SELinux problem was fixed upstream and in
Fedora when I released the last exploit. Seven
public exploits however still was not enough for
RHEL to fix their vulnerable default configuration.
It took the release of the pipe exploit for them to
finally fix it in their kernels last Friday.

As for whether people still run with
mmap_mins_addr set to zero, or are using a
vulnerable version, or are using an old distro that
hasn't had the feature backported, I know
enough sysadmins to know this is certainly the
case. It doesn't help that distros turn the feature
off when it doesn't necessarily need to be (as
mentioned in other threads here about wine), or
that sufficient, conspicuous warning is not given
when this is going to happen (see the recent
slashdot article with a dozen posters surprised
theirs was turned off and not knowing why).

So certainly, they are still security vulnerabilities,
however distros can and should of course mention
that mitigations exist for privilege escalation. The
bugs remain security vulnerabilities regardless
however since mitigation turns them into a
potential (or certain, if panic_on_oops is enabled
like on some distros) DoS.

-Brad

-Brad