Linux devs exterminate security bugs from kernel - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Advisory Watch: February 10th, 2012

Linux Security Week: February 6th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Linux devs exterminate security bugs from kernel

User Rating:

How can I rate this item?

Source: The Register - Posted by Anthony Pell

Developers have exterminated two bugs from the Linux kernel that threatened the security of people using the open-source operating system. The most serious of the two is remote denial-of-service vulnerability that made it possible for attackers to crash systems by sending them oversized packets. The underlying null pointer dereference flaw in the Linux kernel's IPv4 defragmentation process is "basically the ping of death from the 90s, reintroduced by some code-refactoring," Linux security guru Brad Spengler of grsecurity, told The Register.

The second bug could be used by unprivileged local users to gain root access over vulnerable boxes. The vulnerability stems from a flaw in the Ext4 file system. It can be exploited by users by overwriting arbitrary files.

Read this full article at The Register