Article 5MEX4 [$] The Sequoia seq_file vulnerability

by jake from LWN.net on (#5MEX4)
A local root hole in the Linux kernel, called Sequoia, was disclosed by Qualys on July 20. A full system compromise is possible until the kernel is patched (or mitigations that may not be fully effective are applied). At its core, the vulnerability relies on a path through the kernel where 64-bit size_t values are "converted" to signed integers, which effectively results in an overflow. The flaw was reported to Red Hat on June 9, along with a local systemd denial-of-service vulnerability, leading to a kernel crash, found at the same time. Systems with untrusted local users need updates for both problems applied as soon as they are available; out of an abundance of caution, other systems likely should be updated as well.
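The bug class described above, a size_t narrowed to a signed int, shown as an added C example (not kernel code and not from the article). The helper names and the buffer-offset scenario are hypothetical, and the wrap-around is what GCC and Clang do for this implementation-defined conversion.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Unsafe pattern: a size_t silently narrowed to int. An out-of-range result
 * is implementation-defined; GCC and Clang wrap it modulo 2^32. */
static int narrow_unchecked(size_t n)
{
    return (int)n;
}

/* Hardened pattern: refuse anything an int cannot represent.
 * Returns 0 and stores the value on success, -1 on overflow. */
static int narrow_checked(size_t n, int *out)
{
    if (n > (size_t)INT_MAX)
        return -1;
    *out = (int)n;
    return 0;
}

/* Hypothetical helper: start offset of a len-byte record placed at the end
 * of a size-byte buffer, computed in int as older interfaces often do. */
static long long tail_offset_unchecked(size_t size, size_t len)
{
    int isize = narrow_unchecked(size);
    int ilen = narrow_unchecked(len);
    return (long long)isize - ilen;   /* can be negative: outside the buffer */
}

/* Same computation with both inputs validated first; -1 means rejected. */
static long long tail_offset_checked(size_t size, size_t len)
{
    int isize, ilen;
    if (narrow_checked(size, &isize) || narrow_checked(len, &ilen))
        return -1;
    if (ilen > isize)
        return -1;
    return (long long)isize - ilen;
}

int main(void)
{
    size_t big = (size_t)INT_MAX + 1;   /* constructed sample size: 2 GiB */
    printf("unchecked: %lld\n", tail_offset_unchecked(big, 16));
    printf("checked:   %lld\n", tail_offset_checked(big, 16));
    printf("in range:  %lld\n", tail_offset_checked(4096, 16));
    return 0;
}
```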
External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/