Quick Fix in Linux Kernel

Just days after the much-anticipated Linux 2.6.12 kernel was officially released, an update has been issued to fix two security vulnerabilities.

Linux kernel developer Chris Wright announced the 2.6.12.1 security fix release late Wednesday.

One of the issues carries the CVE designation CAN-2005-1761 and is titled "ia64 ptrace + sigrestore_context" in the changelog for 2.6.12.1. According to Danish research firm Secunia, the impact of this vulnerability is unknown.

The other fix addresses a somewhat more dangerous issue that could lead to a Denial-of-Service attack by a malicious user. The 2.6.12.1 changelog refers to the patch as "Clean up subthread exec" and gives the CVE designation CAN-2005-1913.

The 2.6.12 kernel contained an error in signal delivery when a sub-thread calls "exec" while a timer is pending.

"If subthread exec's with timer pending, signal is delivered to old group-leader and can panic kernel," the 2.6.12.1 changelog noted.

Causing a kernel to "panic" is a serious condition that in many cases causes a Linux system to shut down. According to security firm Secunia, the subthread exec kernel panic issue could have been exploited by malicious, local users to cause a DoS attack.

The overall effect of the 2.6.12 flaws, however, is not likely to have a significant impact on Linux users. The 2.6.12 kernel was only officially released last Friday by Linux creator Linus Torvalds and has not yet made its way into many Linux distributions.

The 2.6.12 Linux kernel introduces a number of innovations to Linux, including native support for Xen as well as SELinux.

Source.
