
Quick Fix in Linux Kernel


Just days after the much-anticipated Linux 2.6.12 kernel was officially released, an update has been issued to fix two security vulnerabilities.

Linux kernel developer Chris Wright announced the 2.6.12.1 security fix release late Wednesday.

One of the issues carries the CVE designation CAN-2005-1761 and is titled "ia64 ptrace + sigrestore_context" in the changelog for 2.6.12.1. According to Danish research firm Secunia, the impact of this vulnerability is unknown.

The other fix is for an issue that is somewhat more dangerous and could lead to a denial-of-service (DoS) attack by a malicious user. The 2.6.12.1 changelog refers to the patch as "Clean up subthread exec" and cites the CVE designation CAN-2005-1913.

The 2.6.12 kernel contained an error in signal delivery when a sub-thread called "exec" while a timer was pending.

"If subthread exec's with timer pending, signal is delivered to old group-leader and can panic kernel," the 2.6.12.1 changelog noted.

Causing a kernel to "panic" is a serious condition that in many cases causes a Linux system to shut down. According to security firm Secunia, the subthread exec kernel panic issue could have been exploited by malicious, local users to cause a DoS attack.

The 2.6.12 flaws, however, are not likely to have a significant impact on Linux users. The 2.6.12 kernel was only officially released last Friday by Linux creator Linus Torvalds and has not made its way -- yet -- into many Linux distributions.

The 2.6.12 Linux kernel introduces a number of innovations to Linux, including native support for Xen as well as SELinux.
