Language Selection

English French German Italian Portuguese Spanish

Major Linux security hole found

Filed under
Linux
Security

Security, the experts like to tell us, is a process, not a product.

With open source that can be a very good thing since when security problems are found they can be fixed quickly. That's the case over this last weekend, Feb. 9-10, when a security problem was found, and given a hot fix, in the 2.6.17 to the most recent production Linux kernel, 2.6.24.1.

The problem's exploit was first shown on the security site Milw0rm. The specific trouble is with the kernel system call sys_vmsplice. There is no perfect patch for the problem at this time. There is, however, a hot fix, which prevents if from being exploited in at least some systems.

More Here

Also:

There has been a set of stable kernel releases (2.6.22.18, 2.6.23.16, and 2.6.24.2), all of which fix the recently disclosed splice() security hole. This vulnerability is an easy root exploit on any of the affected systems (almost every kernel from 2.6.17 on), so applying the fix would be a good thing to do.

Stable and unstable kernel releases




More in Tux Machines

today's leftovers

US Military To Launch Open Source Academy

Open source software, which has become increasingly common throughout the US military from unmanned drones to desktops, has now been enlisted as a career option for military personnel. In September, Camp Shelby Joint Forces Training Center will open a Linux certification academy, marking the first time such a training program has been hosted on a military base. Read more

Video: TedX talk - Richard Stallman

Well, vp9/opus in a webm container have been supported by both Firefox and Google Chrome for several releases now... so enjoy it in your web browser. Read more

Eclipse Luna for Fedora 20

If you are a Fedora Eclipse user, then you're probably saddened since the release of Eclipse Luna (4.4) because you are still using Eclipse Kepler (4.3) on Fedora 20. Well, be saddened no longer because Eclipse Luna is now available for Fedora 20 as a software collection! A software collection is simply a set of RPMs whose contents are isolated from the rest of your system such that they do not modify, overwrite or otherwise conflict with anything in the main Fedora repositories. This allows you install multiple versions of a software stack side-by-side, without them interfering with one another. More can be read about this mechanism on the software collections website. The Eclipse Luna software collection lives in a separate yum repository, which must be configured by clicking on this link to install the release package. Read more