Major Linux security hole found
Security, the experts like to tell us, is a process, not a product.
With open source that can be a very good thing since when security problems are found they can be fixed quickly. That's the case over this last weekend, Feb. 9-10, when a security problem was found, and given a hot fix, in the 2.6.17 to the most recent production Linux kernel, 2.6.24.1.
The problem's exploit was first shown on the security site Milw0rm. The specific trouble is with the kernel system call sys_vmsplice. There is no perfect patch for the problem at this time. There is, however, a hot fix, which prevents if from being exploited in at least some systems.
Also:
There has been a set of stable kernel releases (2.6.22.18, 2.6.23.16, and 2.6.24.2), all of which fix the recently disclosed splice() security hole. This vulnerability is an easy root exploit on any of the affected systems (almost every kernel from 2.6.17 on), so applying the fix would be a good thing to do.
Stable and unstable kernel releases
- Login or register to post comments
- Printer friendly version
- 417 reads
Recent comments
5 hours 11 min ago
8 hours 14 min ago
16 hours 43 min ago
18 hours 45 min ago
20 hours 26 min ago
20 hours 45 min ago
22 hours 55 min ago