In association with heise online

29 August 2006, 15:14

New Linux kernel closes security holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Users of Linux kernel 2.4.33.x, 2.6.16.x and 2.6.17.x should install the new version announced last weekend. Registered users on systems running on the older kernel version can otherwise cause the system to crash or achieve root rights. This is due to a flaw in the processing of the Stream Control Transmission Protocol (SCTP) in the sctp_make_abort_user function that enables the execution of code with elevated rights.

Additionally, a flaw in the implementation of the Universal Disk Format (UDF) can lead to a system crash if certain files are shared. This flaw is present in the three versions mentioned above, but has not yet been resolved for 2.4.33.x. A backport of the patch from 2.6.17.x to version 2.4 has already been planned.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit