On Wed, Nov 04, 2009 at 09:24:55AM -0800, john wrote: > On Wed, Nov 4, 2009 at 9:15 AM, Dominic Hargreaves <d...@earth.li> wrote: > > On Wed, Nov 04, 2009 at 09:05:20AM -0800, john wrote: > >> I see that there is another null pointer dereference flaw being talked > >> about. > >> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ > >> > >> It looks like we can take step in Debian 5.0 to mitigate this threat by > >> setting > >> echvm.mmap_min_addr = 4096 > >> > >> per http://wiki.debian.org/mmap_min_addr > >> > >> I am running some servers running Debian 4.0. I doesn't look like > >> there is a /etc/sysctl.d/mmap_min_addr.conf to edit. Where are these > >> values stored > >> under Debian 4.0. > >> > >> What is the right way to proceed? Should I be looking at upgrading my > >> servers? > > > > The mmap_min_addr tuneabout was not introduced until after 2.6.18, > > which is the default etch kernel. I am using the 'etchnhalf' kernel > > (linux-image-2.6.24-etchnhalf*) on an etch machine, partly since it > > offers this protection. > > > Thanks Dominic, > > So would > > sudo apt-get install linux-image-2.6.24-etchnhalf.1-686 > > be the right approach here?
A combination of that and the mmap_min_addr.conf file would do the trick. -- dann frazier -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
