Several vulnerabilities closed in the Linux kernel
Linux developers have strongly recommended anyone who uses Linux kernel 2.6.25 on multi-user x86-64 systems to upgrade to version 220.127.116.11. It appears that users with restricted privileges are able to escalate their access privileges. While Greg Kroah-Hartman did not give any further details when announcing the new kernel version, the problem is likely to be caused by the filtering of the Local Descriptor Table (LDT).
Only a few days earlier, kernel developers released version 18.104.22.168 to resolve a vulnerability in the
sys32_ptrace function in
arch/x86/kernel/ptrace.c which could potentially cause systems to crash. The Pax Team that discovered this hole did not want to rule out that the flaw could also have been exploited to compromise a system.
Linux distributors are expected to release updated packages shortly.