Language Selection

English French German Italian Portuguese Spanish

Quick Fix in Linux Kernel

Filed under
Linux

Just days after the much-anticipated Linux 2.6.12 kernel was officially released, an update has been issued to fix two security vulnerabilities.

Linux kernel developer Chris Wright announced the 2.6.12.1 security fix release late Wednesday.

One of the issues carries the CVE designation CAN-2005-1761 and was titled, "ia64 ptrace + sigrestore_context" in the Changelog for 2.6.12.1. According to Danish Research firm Secunia, the impact of this vulnerability is unknown.

The other fix is for an issue that is somewhat more dangerous and could lead to a Denial-of-Service (define) attack by a malicious user. The 2.6.12.1 changelog refers to the patch as "Clean up subthread exec" and refers to the CVE designation CAN-2005-1913.

An error had existed in the 2.6.12 kernel in the delivery of signals with a sub-thread "exec" on a pending timer.

"If subthread exec's with timer pending, signal is delivered to old group-leader and can panic kernel," the 2.6.12.1 changelog noted.

Causing a kernel to "panic" is a serious condition that in many cases causes a Linux system to shut down. According to security firm Secunia, the subthreat exec kernel panic issue could have been exploited by malicious, local users to cause a DoS attack.

The overall effect of the 2.6.12 flaws, however, is not likely to have a significant impact on Linux users. The 2.6.12 kernel was only officially released last Friday by Linux creator Linus Torvalds and has not made its way - yet -- into many Linux distributions.

The 2.6.12 Linux kernel introduces a number of new innovations to Linux including native support for Xen as well as SELinux.

Source.

More in Tux Machines

Nix This Innovative OS for Its Uninviting Complexity

I had to keep reminding myself that I was not dealing with an extreme case of Arch Linux instead of GNU/Linux. NixOS is more demanding and definitely not a distro for users with anything less than advanced skills. To say NixOS comes with a steep learning curve and lots of hands-on overhead is putting it mildly. If you are a typical Linux user who lacks sysadmin training, avoid NixOS like a malware attack hiding in plain sight. Read more

Riot: A Distributed Way of Having IRC and VOIP Client and Home Server

Riot is a free and open source decentralized instant messaging application that can be considered an alternative to Slack. Take a look at features of Riot, installation procedure and usage. Read more

KDE’s New Elisa Music Player: So Close, Yet So Far Away

KDE is a working on a new music player called Elisa. Can Elisa become the new default music player in most Linux distributions? Find out in this review of Elisa music player. Read more

Collabora Online 3.2 released

Collabora Productivity, the driving force behind putting LibreOffice in the Cloud, is excited to announce a new release of its flagship enterprise-ready cloud document suite – Collabora Online 3.2, with new features and multiple improvements. Read more