Language Selection

English French German Italian Portuguese Spanish

Major Linux security hole found

Filed under
Linux
Security

Security, the experts like to tell us, is a process, not a product.

With open source that can be a very good thing since when security problems are found they can be fixed quickly. That's the case over this last weekend, Feb. 9-10, when a security problem was found, and given a hot fix, in the 2.6.17 to the most recent production Linux kernel, 2.6.24.1.

The problem's exploit was first shown on the security site Milw0rm. The specific trouble is with the kernel system call sys_vmsplice. There is no perfect patch for the problem at this time. There is, however, a hot fix, which prevents if from being exploited in at least some systems.

More Here

Also:

There has been a set of stable kernel releases (2.6.22.18, 2.6.23.16, and 2.6.24.2), all of which fix the recently disclosed splice() security hole. This vulnerability is an easy root exploit on any of the affected systems (almost every kernel from 2.6.17 on), so applying the fix would be a good thing to do.

Stable and unstable kernel releases




More in Tux Machines

Leftovers: Gaming

Android Leftovers

Emulator now runs x86 apps on all Raspberry Pi models

Eltech’s faster ExaGear Desktop software version now supports ARMv6, in addition to ARMv7, letting users run x86 apps on all models of the Raspberry Pi. Russia-based Eltechs announced its ExaGear Desktop virtual machine last August, enabling Linux/ARMv7 SBCs and mini-PCs to run x86 software. That meant that users of the quad-core, Cortex-A7-based Raspberry Pi 2 Model B, could use it as well, although the software was not yet optimized for it. Read more

Maintaining an open source project at the Guardian

Over the 2015 Easter holiday the Scribe project received more than 3000 stars (a combination of bookmarking, liking and favouriting) on Github, making it easily one of the most popular open-source projects we have created at the Guardian. In addition to that milestone we also celebrated the release to our internal production systems of a number of community-contributed changes to Scribe. Guardian journalists now benefit every day from participation in the open-source community! Read more