Language Selection

English French German Italian Portuguese Spanish

Quick Fix in Linux Kernel

Filed under
Linux

Just days after the much-anticipated Linux 2.6.12 kernel was officially released, an update has been issued to fix two security vulnerabilities.

Linux kernel developer Chris Wright announced the 2.6.12.1 security fix release late Wednesday.

One of the issues carries the CVE designation CAN-2005-1761 and was titled, "ia64 ptrace + sigrestore_context" in the Changelog for 2.6.12.1. According to Danish Research firm Secunia, the impact of this vulnerability is unknown.

The other fix is for an issue that is somewhat more dangerous and could lead to a Denial-of-Service (define) attack by a malicious user. The 2.6.12.1 changelog refers to the patch as "Clean up subthread exec" and refers to the CVE designation CAN-2005-1913.

An error had existed in the 2.6.12 kernel in the delivery of signals with a sub-thread "exec" on a pending timer.

"If subthread exec's with timer pending, signal is delivered to old group-leader and can panic kernel," the 2.6.12.1 changelog noted.

Causing a kernel to "panic" is a serious condition that in many cases causes a Linux system to shut down. According to security firm Secunia, the subthreat exec kernel panic issue could have been exploited by malicious, local users to cause a DoS attack.

The overall effect of the 2.6.12 flaws, however, is not likely to have a significant impact on Linux users. The 2.6.12 kernel was only officially released last Friday by Linux creator Linus Torvalds and has not made its way - yet -- into many Linux distributions.

The 2.6.12 Linux kernel introduces a number of new innovations to Linux including native support for Xen as well as SELinux.

Source.

More in Tux Machines

‘Governments should have a free software policy’

Governments must have policies that increase their use of free and open source software solutions, says Professor Dr Wolfgang Finke from the Ernst-Abbe University of Applied Sciences in Jena (Germany). In many countries, the use of proprietary software might be unsustainable in the long-term, he says, “either from a technical or from a financial point of view.” Read more

Linux Remote Desktop Roundup

Over the years I've found that a significant hurdle to getting family and friends to switch to Linux comes from its lack of familiarity. This is especially true when it comes to troubleshooting any issues. Obviously, when a malfunction occurs it's not always possible to be there in person. However thanks to the wonders of broadband Internet and advanced software, we're now able to do the next best thing. In this article, I'll share some recommended remote desktop software for Linux. I’ll explore both open source and closed source solutions. Read more

Android ski goggles offer augmented reality display

It runs Android on a 1.2GHz ARM CPU, and offers hands-free control. Read more

Photoshop competitor Krita is a true creative tool -- and it's free and open source

Open source has some of the greatest tools, which continues to prove that you don't have to lock-down the code behind guarded walls to make a better product. Some popular open source products that don't have any match in the closed source world include Firefox, Chromium, VLC, Blender, Android, one gem that is, surprisingly, less known but extremely powerful when it comes to creating a work of art. Read more