Linux Users Face Risk From Kernel Vulnerability
Stubborn Kernel Flaw
Security researcher Rafal Wojtczuk from Invisible Things Lab detailed the kernel flaw in a report (PDF format) released officially this week, although Linux developers and distros have been aware of the issue since at least June.
Invisible Things Labs CEO Joanna Rutkowska added in a blog post that the unpatched flaw could have enabled any GUI application that could be compromised -- a PDF viewer, for example -- to bypass Linux security and potentially take over the system. Rutkowska is well known in the security community for her Black Hat research into Windows Vista and Intel security issues.
Although the vulnerability came to public light only this week, Linux developers and distros have been working for weeks to tackle the problem, which was first detailed in a June bugzilla entry for Linux vendor Red Hat, which credits Wojtczuk as the original reporter.
So far, though, only some progress has been made in closing the hole, known officially as CVE-2010-2240. Linux founder Linus Torvalds comitted a patch for the issue on Friday, and Linux kernel developer Greg Kroah-Hartman that same day formally announced the 184.108.40.206 Linux kernel release, advising all users to update.
Sponsored by BlackBerry
BlackBerry® Enterprise Server Express enables businesses of any size to quickly and easily get started with the BlackBerry solution. It provides advanced BlackBerry smartphone features with no additional software or user license fees, and works with any Internet-enabled BlackBerry data plan or a BlackBerry enterprise data plan. Download now!
- 1Linux Top 3: GNOME 3.12 and New Betas for Ubuntu 14.04 and OpenMandriva Lx 2014.0
- 2Linux Top 3: Linus Lashes out, Linux 3.14 Gets PIE and Ubuntu One is Done.
- 3Linux Top 3: Ubuntu 14.04, Debian Gives Squeeze More Life and Red Hat Goes Atomic
- 4Linux Top 3: CoreOS, Oracle Enterprise Linux 7 and Ubuntu 14.10
- 5Linux Top 3: Debian Gives Up on Upstart, Ubuntu and Linux Kernel Updates