Several vulnerabilities closed in the Linux kernel
Linux developers have strongly recommended anyone who uses Linux kernel 2.6.25 on multi-user x86-64 systems to upgrade to version 2.6.25.11. It appears that users with restricted privileges are able to escalate their access privileges. While Greg Kroah-Hartman did not give any further details when announcing the new kernel version, the problem is likely to be caused by the filtering of the Local Descriptor Table (LDT).
Only a few days earlier, kernel developers released version 2.6.25.10 to resolve a vulnerability in the sys32_ptrace
function in arch/x86/kernel/ptrace.c
which could potentially cause systems to crash. The Pax Team that discovered this hole did not want to rule out that the flaw could also have been exploited to compromise a system.
Linux distributors are expected to release updated packages shortly.
See also:
- Linux 2.6.25.11, announcement by Greg Kroah-Hartman
- Stable kernel 2.6.25.10, discussion on lwn.net
(djwm)