| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 41284 | 2004-01-05 21:44:00 | Security flaws force Linux kernel upgrade | stu140103 (137) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 205552 | 2004-01-05 21:44:00 | from CNET News . com ( . com . com/2100-1002_3-5135129 . html?tag=nefd_top" target="_blank">news . com . com) Security flaws force Linux kernel upgrade Last modified: January 5, 2004, 11:34 AM PST By Robert Lemos Staff Writer, CNET News . com Open-source developers released a new version of the Linux kernel Monday in a move aimed at quickly fixing several bugs--among them two serious security flaws . The 2 . 4 . 24 upgrade to the Linux kernel comes a month after the release of the previous version of the core system software and only includes patches for six software issues, including the two flaws . The release is intended to prompt users to upgrade quickly, said Marcelo Tosatti, the maintainer of the 2 . 4 kernel series and a Linux developer for data center management company Cyclades . "These security issues need to be fixed as soon as possible," Tosatti told CNET News . com in an interview Monday . As maintainer, Tosatti decides what changes can be made to the kernel and when to release new versions of the core system software for Linux . The most serious flaw, which occurs in a function used by virtual memory, resembles a vulnerability fixed in late November that had been exploited by unknown attackers to control several key Linux servers open-source developers use . Both flaws allow an intruder to increase the privileges of a normal user account to the same level as the system's owner . Tosatti said that once it became clear that the latest flaw could be used to circumvent security on Linux systems, he and other developers decided to immediately release the fixes . The move follows decisions by the kernel developers to curtail new features in the 2 . 4 kernel series in order to get developers and users to move to the next generation of core Linux software, the 2 . 6 kernel . The final set of features that had been intended for this release of the kernel have been postponed until the next version, he said . "It is good that I have the ability--because this is open source--to release the code so quickly," Tosatti said . The second security flaw results in a device driver problem that could allow an intruder to read some memory the kernel uses . The latest version of the kernel can be downloaded from Kernel . org . Patches for specific Linux distributions can be downloaded from their developers . |
stu140103 (137) | ||
| 205553 | 2004-01-06 07:20:00 | Patches have been out for it for ages (for the source). The 2.6 kernel doesnt have this issue either, right? |
Chilling_Silently (228) | ||
| 1 | |||||