patches/packages/linux-2.6.27.31/:
Added new kernels and kernel packages for Linux 2.6.27.31 to address
a bug in proto_ops structures which could allow a user to use the
kernel sendpage operation to execute arbitrary code in page zero.
This could allow local users to gain escalated privileges.
This flaw was discovered by Tavis Ormandy and Julien Tinnes of the
Google Security Team.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
In addition, these kernels change CONFIG_DEFAULT_MMAP_MIN_ADDR kernel
config option value to 4096, which should prevent the execution of
arbitrary code by future NULL dereference bugs that might be found in
the kernel. If you are compiling your own kernel, please check this
option in your .config. If it is set to =0, you may wish to edit it
to 4096 (or some other value > 0) and then reconfigure, or the kernel
will not have default protection against zero page attacks from
userspace.
(* Security fix *)
patches/packages/kernel-mmap_min_addr-4096-noarch-1.tgz:
This package adds an init script to edit /etc/sysctl.conf, adding
this config option:
vm.mmap_min_addr = 4096
This will configure the kernel to disallow mmap() to userspace of any
page lower than 4096, preventing privilege escalation by CVE-2009-2692.
This is a hot fix package and will take effect immediately upon
installation on any system running a kernel that supports configurable
/proc/sys/vm/mmap_min_addr (kernel 2.6.23 or newer).
(* Security fix *)