Bradypus variegatus aka Zenwalk's Mr. Kernel

Filed under
Linux

The recent Linux kernel local escalation of privilege is indeed a local vulnerability, however this should by no means neglected as minor: most of the vulnerabilities found in so many packages are local vulnerabilities, yet patches are issued responsibly (i.e. in a timely manner) by all the mainstream distros who ship the respective packages.

It's not the only small distro not to have updated the kernel, but their attitude speaks volumes...

The vulnerability is known since Feb. 8, with filling of bugs in mainstream distros generally between 9 and 11 February.

To summarize, here's what I have noticed as patches for the latest kernel vulnerability, chronologically:

* Debian Etch patched it on Feb. 11.
* Slackware 12.0 and -current patched it on Feb. 11.
* Fedora 8 and 7 patched it on Feb. 11.

More Here