Language Selection

English French German Italian Portuguese Spanish

Linux Vendors Rush to Patch Privilege Escalation Flaw After Root Exploits Emerge

Filed under

Linux vendors are rushing to patch a privilege escalation vulnerability in the Linux kernel that can be exploited by local attackers to gain root access on the system.

The vulnerability, which is identified as CVE-2012-0056, was discovered by Jüri Aedla and is caused by a failure of the Linux kernel to properly restrict access to the "/proc/
/mem" file.

Linus Torvalds submitted a patch on the official Linux kernel repository on Jan. 17, but before Linux vendors had a chance to apply it for their distributions, proof-of-concept exploit code already appeared online.

rest here

More in Tux Machines

New Renesas SoCs offer 1.5GHz, 1080p, GbE, USB 3.0, PCIe

The RZ/G updates the Renesas Electronics RZ line of system-on-chips, which includes the Linux-ready RZ/A1 line of single-core, 400MHz Cortex-A9 SoCs, as well as an RZ/T line that runs an RTOS on a Cortex-M4 microcontroller. The new devices are aimed at a wide range of Linux- and Android embedded products including hand-held medical devices, digital signage, and industrial, home appliance, and office equipment devices that use a human-machine interface (HMI), says the Japanese semiconductor firm. Read more

Fedora OpenID issues resolved

It is very likely that you have seen the issues we had with logging in to Fedora Infrastructure services, or other websites that use Fedora OpenID to authenticate you. Read more

Mozilla Continues Moving Away From NPAPI Plugins

Firefox continues making progress on loosening web developers' and users' dependence on NPAPI plug-ins with a goal still in place to remove support for most NPAPI plugins by the end of 2016. Read more

Linux Foundation: Security Challenges Threaten ‘Golden Age’ Of Open Source

The discovery of several high profile zero-day vulnerabilities in popular open source technologies last year served not only to show the importance of open source to the Internet and IT world, but also how woefully under-resourced so many projects were Read more