Language Selection

English French German Italian Portuguese Spanish

Quick Fix in Linux Kernel

Filed under
Linux

Just days after the much-anticipated Linux 2.6.12 kernel was officially released, an update has been issued to fix two security vulnerabilities.

Linux kernel developer Chris Wright announced the 2.6.12.1 security fix release late Wednesday.

One of the issues carries the CVE designation CAN-2005-1761 and was titled, "ia64 ptrace + sigrestore_context" in the Changelog for 2.6.12.1. According to Danish Research firm Secunia, the impact of this vulnerability is unknown.

The other fix is for an issue that is somewhat more dangerous and could lead to a Denial-of-Service (define) attack by a malicious user. The 2.6.12.1 changelog refers to the patch as "Clean up subthread exec" and refers to the CVE designation CAN-2005-1913.

An error had existed in the 2.6.12 kernel in the delivery of signals with a sub-thread "exec" on a pending timer.

"If subthread exec's with timer pending, signal is delivered to old group-leader and can panic kernel," the 2.6.12.1 changelog noted.

Causing a kernel to "panic" is a serious condition that in many cases causes a Linux system to shut down. According to security firm Secunia, the subthreat exec kernel panic issue could have been exploited by malicious, local users to cause a DoS attack.

The overall effect of the 2.6.12 flaws, however, is not likely to have a significant impact on Linux users. The 2.6.12 kernel was only officially released last Friday by Linux creator Linus Torvalds and has not made its way - yet -- into many Linux distributions.

The 2.6.12 Linux kernel introduces a number of new innovations to Linux including native support for Xen as well as SELinux.

Source.

More in Tux Machines

6 things technical leaders should consider around open-source software

Many organisations have a wide array of open-source applications and code in use today – whether it be at the infrastructure and application layers, or in development frameworks and GitHub repositories. However, the applications developer and infrastructure teams come under increasing pressure as organisations rush to develop new services for customers, comply with growing amounts of industry regulation, or simply strive to meet the needs of the information generation. Read more

OpenMandriva 2014.2 and openSUSE 42

Today in Linux news Kate Lebedeff announced the release of OpenMandriva Lx 2014.2, a major update to 2014.1 released September 2014 and the first to support UEFI. In other news, Douglas DeMaio announced openSUSE 42, the next release of the gecko emblazoned Linux due in November. Elsewhere, Jack Germain reviewed Makulu 9 Aero and Alap Naik Desai reported Friday Microsoft hinted at a Linux OS at Microsoft Ignite in Chicago last month. Read more

Linux as a lifestyle

I'm not going to lie to you, my transformation was not easy. It was a slow and painful process. But after I finished it, it felt like nothing before. Thanks to my stubbornness, I was able to truly embrace open source in my life. I gave some minor contributions to some of the worldly-known open source projects like Reddit and the Tor Project. I'm constantly writing about my open source experience on my blog. I started contributing to Opensource.com and to free software magazine written in Serbian language. I even became a guest blogger to a couple of blogs related to open source and IT in general. Read more

Plasma 5.3.2 Fixes Your Shutdown Scripts

Tuesday, 30 June 2015. Today KDE releases a bugfix update to Plasma 5, versioned 5.3.2. Plasma 5.3 was released in April with many feature refinements and new modules to complete the desktop experience. Read more More KDE:

  • KStars GSoC 2015 Project
    This year marks my first year as a Google Summer of Code (GSoC) mentor, and it has been an exciting experience thus far. I have been a KStars developer for the last 12 years and it is amazing what KStars has accomplished in all those years.
  • Interview with Livio Fania
    Krita is by far the most complete digital painting tool developed on Linux.
  • GSoC Midterm Update