Language Selection

English French German Italian Portuguese Spanish

Quick Fix in Linux Kernel

Filed under
Linux

Just days after the much-anticipated Linux 2.6.12 kernel was officially released, an update has been issued to fix two security vulnerabilities.

Linux kernel developer Chris Wright announced the 2.6.12.1 security fix release late Wednesday.

One of the issues carries the CVE designation CAN-2005-1761 and was titled, "ia64 ptrace + sigrestore_context" in the Changelog for 2.6.12.1. According to Danish Research firm Secunia, the impact of this vulnerability is unknown.

The other fix is for an issue that is somewhat more dangerous and could lead to a Denial-of-Service (define) attack by a malicious user. The 2.6.12.1 changelog refers to the patch as "Clean up subthread exec" and refers to the CVE designation CAN-2005-1913.

An error had existed in the 2.6.12 kernel in the delivery of signals with a sub-thread "exec" on a pending timer.

"If subthread exec's with timer pending, signal is delivered to old group-leader and can panic kernel," the 2.6.12.1 changelog noted.

Causing a kernel to "panic" is a serious condition that in many cases causes a Linux system to shut down. According to security firm Secunia, the subthreat exec kernel panic issue could have been exploited by malicious, local users to cause a DoS attack.

The overall effect of the 2.6.12 flaws, however, is not likely to have a significant impact on Linux users. The 2.6.12 kernel was only officially released last Friday by Linux creator Linus Torvalds and has not made its way - yet -- into many Linux distributions.

The 2.6.12 Linux kernel introduces a number of new innovations to Linux including native support for Xen as well as SELinux.

Source.

More in Tux Machines

Leftovers: Gaming

Netflix in Steam OS

  • Developer brings Netflix to Steam OS: Linux Wrap
    He has posted the script on GitHub for others to try. It’s in really early stage of development but it’s surprising and at the same time disappointing to see that Valve made no efforts whatsoever to bring steaming services like Netflix to their platform that they plan to dominate the living room.
  • Developer Implements Netflix in SteamOS
    A developer has put together some tools (still under construction) that would allow users to use SteamOS to play Netflix. It's in its early stages, but the developer has made something that Valve hasn't even thought about until now.

Android Leftovers

Fedora 22 Coming Next Tuesday and Converting Users

At the Fedora release Go/No-Go meeting last night it was determined that three bugs were serious enough to violate the release readiness criteria. As a result, the Final was blocked and a second Go/No-Go was scheduled for today. The results of that meeting are in! Elsewhere, Jack Germain said, "Simplicity Linux is easy to use and runs fast" and Swapnil Bhartiya shared his secret to converting users to Linux. Read more