kernel-2.6.16.3

Черт, так вот и уйди в отпуск. Дыры пошли одна за одной.

Уже 2.6.16.4

Наши постарались

    Linux 2.6.16.4

commit 0945e1a305ef6128c0405f1c5c8b5368d8756224
Author: Oleg Nesterov <oleg@tv-sign.ru>
Date:   Tue Apr 11 22:18:58 2006 +0400

    [PATCH] RCU signal handling
    
    made this BUG_ON() unsafe. This code runs under ->siglock,
    while switch_exec_pids() takes tasklist_lock.

commit a7603f9099869f9aeebd6c72a4ffbc792868ff3a
Author: Greg Kroah-Hartman <gregkh@suse.de>
Date: Wed Apr 12 13:27:57 2006 -0700

Linux 2.6.16.5

commit 6b12095a4a0e1f21bbf83f95f13299ca99d758fe
Author: Andi Kleen <ak@suse.de>
Date: Wed Apr 12 08:19:29 2006 +0200

[PATCH] x86_64: When user could have changed RIP always force IRET (CVE-2006-0744)

Intel EM64T CPUs handle uncanonical return addresses differently from
AMD CPUs.

The exception is reported in the SYSRET, not the next instruction.
Thgis leads to the kernel exception handler running on the user stack
with the wrong GS because the kernel didn't expect exceptions on this
instruction.

This version of the patch has the teething problems that plagued an
earlier version fixed.

This is CVE-2006-0744

Thanks to Ernie Petrides and Asit B. Mallick for analysis and initial
patches.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

commit 59b2832a31ae2f3279bb5b16ae9b1c4e38e40dea
Author: Andi Kleen <ak@suse.de>
Date: Wed Apr 12 08:18:46 2006 +0200

[PATCH] x86_64: Clean up execve

Just call IRET always, no need for any special cases.

Needed for the next bug fix.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Побыстрей бы уже 2.6.16.6-7, а там глядишь сделают самое стабильное ядро 2.6.х - 2.6.16