Hi all,

In the interest of being a good citizen there's a new local root
vulnerability for Linux, *BSD and Solaris.

https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash

# The Stack Clash is a vulnerability in the memory management of
# several operating systems. It affects Linux, OpenBSD, NetBSD,
# FreeBSD and Solaris, on i386 and amd64.  It can be exploited
# by attackers to corrupt memory and execute arbitrary code.

They list links to various distros' information on the issue.

For instance RHEL have released both kernel and glibc updates, but of
course that begs the question of statically linked binaries (yes, I
know, don't do that, but they are common) and containers such as Shifter
& Singularity with older glibc's.

I suspect in those cases you have to rely entirely on the kernel
mitigation of increasing the stack guard gap size.

cheers,
Chris
-- 
 Christopher Samuel        Senior Systems Administrator
 Melbourne Bioinformatics - The University of Melbourne
 Email: sam...@unimelb.edu.au Phone: +61 (0)3 903 55545

_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit 
http://www.beowulf.org/mailman/listinfo/beowulf
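
As an added example (not part of the original post): a Python sketch that flags statically linked executables, which carry their own copy of libc and so do not pick up a glibc package update. The function names and the constructed sample images are assumptions for illustration; shared objects and static-PIE files are reported as "other-elf".

```python
import struct
import sys

PT_INTERP = 3  # program header that names the dynamic loader (ld.so)
ET_EXEC = 2    # fixed-address executable

def classify_elf(data: bytes) -> str:
    """Classify a file image as 'static', 'dynamic', 'other-elf' or 'not-elf'."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        return "not-elf"
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    endian = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little-endian
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum (the fields that follow e_ident)
    fmt = endian + ("HHIQQQIHHH" if is64 else "HHIIIIIHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        return "not-elf"                     # header cut short
    f = struct.unpack_from(fmt, data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = f[0], f[4], f[8], f[9]
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            break                            # truncated read, stop scanning
        if struct.unpack_from(endian + "I", data, off)[0] == PT_INTERP:
            return "dynamic"                 # loader present: libc resolved at run time
    # No loader: ET_EXEC is a classic static binary; ET_DYN without PT_INTERP
    # is a shared object or static-PIE and needs a closer look.
    return "static" if e_type == ET_EXEC else "other-elf"

def make_sample(e_type: int, p_types: list) -> bytes:
    """Constructed minimal ELF64 little-endian image: header plus phdrs only."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                      64, 56, len(p_types), 0, 0, 0)
    return ident + hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

STATIC_SAMPLE = make_sample(ET_EXEC, [1, 1])     # PT_LOAD only
DYNAMIC_SAMPLE = make_sample(3, [6, 3, 1, 2])    # PT_PHDR, PT_INTERP, PT_LOAD, PT_DYNAMIC

if __name__ == "__main__":
    # Usage: python3 script.py FILE...   (prints the files that are static ELF)
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            if classify_elf(fh.read(4096)) == "static":
                print(path)
```

Run over the executables in an application tree or an unpacked container image, the printed paths are the ones that depend solely on the kernel-side guard gap.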
