Hole in the Linux kernel allows root access


ronjor
November 4th, 2009, 12:22 PM
-{ Quote: "4 November 2009

A null pointer dereference in the Linux kernel can be exploited to access a system at root privilege level. The hole is reportedly contained in pipe.c and can occur in certain circumstances when using the pipe_read_open(), pipe_write_open() or pipe_rdwr_open() functions while releasing a mutex (mutual exclusion) too early – which constitutes a classic race condition. So far, the flaw has only been fixed in release candidate 6 of the forthcoming version 2.6.32." }-The H Security (http://www.h-online.com/security/news/item/Hole-in-the-Linux-kernel-allows-root-access-850016.html)

Sputnik
November 4th, 2009, 12:31 PM
Please notice that this inflicts 'local root access' and not 'remote root access'.

lodore
November 4th, 2009, 12:38 PM
-{ Quote: "Please notice that this inflicts 'local root access' and not 'remote root access'." }-

It's not really a big issue then.
Even though users will execute practically anything.

chronomatic
November 4th, 2009, 06:54 PM
Even though the kernel patch itself hasn't been released to a stable kernel yet, there is a workaround that almost every distro has been using for a while now. If you are on Ubuntu and are not running Wine, you are safe.

To check if you are indeed safe, run the following command from the terminal:

cat /proc/sys/vm/mmap_min_addr

If it returns NULL (or 0) then you are affected. If it returns a non-zero number you are not affected. Ubuntu Karmic by default returns 65535. However, as I said, if you have Wine installed it will set it back to 0.

I am really wondering why this is even news at all since this exploit is over a month old.

chrisretusn
November 4th, 2009, 11:51 PM
Whether or not you are safe is distribution dependent. On my systems mmap_min_addr is > 0. I also have wine installed on one of them and it runs just fine.
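
The check discussed in this thread, as an added example that is not part of any post above: it classifies the running `mmap_min_addr` value and goes one step further by looking for persistent sysctl settings that would put it back to 0 at boot. The config locations `/etc/sysctl.conf` and `/etc/sysctl.d` are assumed defaults, not paths named in the thread.

```shell
#!/bin/sh
# Added example: audit vm.mmap_min_addr at runtime and in persistent config.
# Paths are parameters so the functions can be run against constructed files.

# classify_min_addr [FILE] -> prints "exposed" (0), "protected" (>0) or "unknown"
classify_min_addr() {
    file=${1:-/proc/sys/vm/mmap_min_addr}
    [ -r "$file" ] || { echo unknown; return 0; }
    value=$(tr -d '[:space:]' < "$file")
    case $value in
        ''|*[!0-9]*) echo unknown ;;      # empty or non-numeric content
        *) if [ "$value" -eq 0 ]; then echo exposed; else echo protected; fi ;;
    esac
}

# find_zero_overrides PATH... -> prints every config file that sets the value to 0.
# Each PATH may be a single file or a directory of *.conf files.
find_zero_overrides() {
    pattern='^[[:space:]]*vm\.mmap_min_addr[[:space:]]*=[[:space:]]*0+[[:space:]]*$'
    for path in "$@"; do
        for f in "$path" "$path"/*.conf; do
            # Commented-out lines do not match: the pattern is anchored at line start.
            if [ -f "$f" ] && grep -Eq "$pattern" "$f"; then
                echo "$f"
            fi
        done
    done
    return 0
}

# audit_report [PROC_FILE [CONFIG_PATH...]] -> human-readable summary
audit_report() {
    proc_file=${1:-/proc/sys/vm/mmap_min_addr}
    [ $# -gt 0 ] && shift
    [ $# -gt 0 ] || set -- /etc/sysctl.conf /etc/sysctl.d   # assumed default locations
    echo "runtime: $(classify_min_addr "$proc_file")"
    find_zero_overrides "$@" | sed 's/^/sets mmap_min_addr to 0: /'
}

audit_report
```

A "protected" runtime result together with a listed override means the setting is expected to be 0 again after the next boot or sysctl reload.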