Language Selection

English French German Italian Portuguese Spanish

Major Linux security hole found

Filed under
Linux
Security

Security, the experts like to tell us, is a process, not a product.

With open source that can be a very good thing since when security problems are found they can be fixed quickly. That's the case over this last weekend, Feb. 9-10, when a security problem was found, and given a hot fix, in the 2.6.17 to the most recent production Linux kernel, 2.6.24.1.

The problem's exploit was first shown on the security site Milw0rm. The specific trouble is with the kernel system call sys_vmsplice. There is no perfect patch for the problem at this time. There is, however, a hot fix, which prevents if from being exploited in at least some systems.

More Here

Also:

There has been a set of stable kernel releases (2.6.22.18, 2.6.23.16, and 2.6.24.2), all of which fix the recently disclosed splice() security hole. This vulnerability is an easy root exploit on any of the affected systems (almost every kernel from 2.6.17 on), so applying the fix would be a good thing to do.

Stable and unstable kernel releases




More in Tux Machines

digiKam Software Collection 4.3.0 released...

After a long bugs triage, we have worked hard also to close your reported issues.. A long list of the issues closed in digiKam 4.3.0 is available through the KDE Bugtracking System. Read more

Seneca College realizes value of open source

Red Hat has done a lot of work with CDOT, lately specializing in Fedora for ARM processors. Pidora, the Fedora Linux Remix specifically targeted to the Rasberry Pi, was primarily developed at CDOT. Another company that we have been working with lately is Blindside Networks. They do a lot of work with CDOT on the BigBlueButton project, which is a web conferencing tool for online education. NexJ is a Toronto-based software development firm that has worked with CDOT on various aspects of open health tools on the server side and integration of medical devices with smart phones. We have recently started working on the edX platform, where developers around the globe are working to create a next-generation online learning platform. Read more

Today in Techrights

Initial impressions of PCLinuxOS 2014.08

I spend more time looking at the family trees of Linux distributions than I do looking at my own family tree. I find it interesting to see how distributions grow from their parent distribution, either acting as an extra layer of features which regularly re-bases itself or as a separate fork. New distributions usually tend to remain similar in most ways to their parent distro, using the same package manager and maintaining similar philosophies. When I look at the family trees of Linux distributions one project stands out more than others: PCLinuxOS. Read more