Huge Linux security flaw found


Post by Red Squirrel

Time to patch up. :o

I could see MS pulling this off, but Linux?

Security researcher Rafal Wojtczuk from Invisible Things Lab reported a Linux kernel vulnerability, which would allow any GUI application that could be compromised, such as a PDF viewer, to bypass Linux security and potentially take over the system. The flaw has been present since at least 2003, and according to LinuxPlanet, it first became known to developers and distros only in June. You can read the PDF report compiled by Wojtczuk here.

So far, though, only some progress has been made in closing the hole, known officially as CVE-2010-2240. Linux founder Linus Torvalds committed a patch for the issue on Friday, and Linux kernel developer Greg Kroah-Hartman that same day formally announced the Linux kernel release, advising all users to update.

The problem, of course, is that just because the main kernel has been patched, doesn’t mean all the Linux versions of the kernel have been patched.

“Updated kernel packages for Fedora 12 and 13 will soon be available from the updates testing repositories, and will be released as stable after being tested,” Mark Cox, director of security response at Red Hat, told “Packages for Red Hat Enterprise Linux are being worked on and will be released as soon as they are complete.”

Although there are no reports of the flaw having been exploited (according to Mark Cox), be aware of the vulnerability and update your distros as needed, as soon as the patches are available.


Archived topic from Iceteks, old topic ID:5186, old post ID:39488
Honk if you love Jesus, text if you want to meet Him!