Language Selection

English French German Italian Portuguese Spanish

Quick Fix in Linux Kernel

Filed under
Linux

Just days after the much-anticipated Linux 2.6.12 kernel was officially released, an update has been issued to fix two security vulnerabilities.

Linux kernel developer Chris Wright announced the 2.6.12.1 security fix release late Wednesday.

One of the issues carries the CVE designation CAN-2005-1761 and was titled, "ia64 ptrace + sigrestore_context" in the Changelog for 2.6.12.1. According to Danish Research firm Secunia, the impact of this vulnerability is unknown.

The other fix is for an issue that is somewhat more dangerous and could lead to a Denial-of-Service (define) attack by a malicious user. The 2.6.12.1 changelog refers to the patch as "Clean up subthread exec" and refers to the CVE designation CAN-2005-1913.

An error had existed in the 2.6.12 kernel in the delivery of signals with a sub-thread "exec" on a pending timer.

"If subthread exec's with timer pending, signal is delivered to old group-leader and can panic kernel," the 2.6.12.1 changelog noted.

Causing a kernel to "panic" is a serious condition that in many cases causes a Linux system to shut down. According to security firm Secunia, the subthreat exec kernel panic issue could have been exploited by malicious, local users to cause a DoS attack.

The overall effect of the 2.6.12 flaws, however, is not likely to have a significant impact on Linux users. The 2.6.12 kernel was only officially released last Friday by Linux creator Linus Torvalds and has not made its way - yet -- into many Linux distributions.

The 2.6.12 Linux kernel introduces a number of new innovations to Linux including native support for Xen as well as SELinux.

Source.

More in Tux Machines

Debian and Devuan News

Gaming News

today's howtos

Security Leftovers

  • Samba flaw opens Linux systems to remote exploit

    A vulnerability in Samba, the standard Windows interoperability suite of programs for Linux and Unix, can be exploited remotely to gain access to Linux machines that have port 445 exposed.

  • UK cyber chief says directors are devolving responsibility for hacks {sic} [iophk: "a step towards banning Microsoft, yet the article closes with Microsoft talking points"]

    Ciaran Martin, the head of the agency's National Cyber Security Centre (NCSC), said it is unacceptable for boards to plead ignorance about the threat from cyber attacks.

  • Ransomware and the Internet of Things

    But it is a system that's going to fail in the "Internet of things": everyday devices like smart speakers, household appliances, toys, lighting systems, even cars, that are connected to the web. Many of the embedded networked systems in these devices that will pervade our lives don't have engineering teams on hand to write patches and may well last far longer than the companies that are supposed to keep the software safe from criminals. Some of them don't even have the ability to be patched.

    Fast forward five to 10 years, and the world is going to be filled with literally tens of billions of devices that hackers can attack. We're going to see ransomware against our cars. Our digital video recorders and web cameras will be taken over by botnets. The data that these devices collect about us will be stolen and used to commit fraud. And we're not going to be able to secure these devices.

  • Kodi 17.3 Security Update Patches Infamous Subtitle Hack, Ubuntu 14.04 LTS Crash
    The second stable point release of the major Kodi 17 "Krypton" open-source and cross-platform media center was launched the other day, on May 24, 2017, but it was missing some binary add-ons, so Martijn Kaijser announced today Kodi 17.3.
  • Samba vulnerability brings WannaCry fears to Linux/Unix