New Linux kernel closes security holes
Users of Linux kernel 2.4.33.x, 2.6.16.x and 2.6.17.x should install the new version announced last weekend. Otherwise, registered users on systems running the older kernel versions can crash the system or gain root privileges. The cause is a flaw in the handling of the Stream Control Transmission Protocol (SCTP) in the sctp_make_abort_user function, which allows code to be executed with elevated privileges.
Additionally, a flaw in the implementation of the Universal Disk Format (UDF) can lead to a system crash if certain files are shared. This flaw is present in all three versions mentioned above, but has not yet been fixed for 2.4.33.x. A backport of the patch from 2.6.17.x to version 2.4 is already planned.
(ehe)