Bad Kernel ... ?


Post by vrkalak »

I found this article . . . interesting!?!? To say the least.

Newly Discovered Linux Kernel Vulnerability Affects All Versions Since 2001

http://news.softpedia.com/news/Newly-Di ... 9281.shtml

How might this affect us? And does the LinuxMint team know? :(
Need to make sure this is patched/fixed in the newer versions of LM soon to come out.

Post by exploder »

I think Ubuntu has patched the kernel already. Since this vulnerability has been around for so long and has not been exploited I would not spend too much time worrying about it.

Post by Fred »

vrkalak,

Keep in mind, this is a local vulnerability. Not a remote vulnerability. As long as you don't have untrusted users on your machine you don't have much to fear anyway.

I am not saying we should ignore these reports, but the fact of the matter is there are so few of them that they always get overblown coverage compared to Windows.

A single user desktop, not running a net facing server, on a DHCP connection has a greater chance of being struck by lightning than being compromised by a potential local vulnerability that isn't even in the wild.

Fred

Post by linuxviolin »

exploder wrote: I think Ubuntu has patched the kernel already. Since this vulnerability has been around for so long and has not been exploited I would not spend too much time worrying about it.
I guess Ubuntu has produced a new patched kernel fairly recently, but it is still necessary that the user has installed it... :roll:

Fred, I don't agree with you, for once. ;-) How can you say to people: your system is vulnerable but it's not a big security hole, a local one, one that you may never meet, so don't apply the patch!? :shock: It's neither a good security policy nor good advice for (new) users, particularly on a Unix system. The kernel is not the least important thing in the OS, so even if the problem is "light" it must be patched. It is not possible, not good, to leave people with potentially vulnerable systems, even for a "little" local problem. Plus, it is a bad habit to give to new users.

When a security hole is found, whatever it is, and your distro gives you a security update for it, apply it!

P.S.= I know, I again play the ugly little duck... :lol:
K.I.S.S. ===> "Keep It Simple, Stupid"
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)

Post by DrHu »

Fred wrote: A single user desktop, not running a net facing server, on a DHCP connection has a greater chance of being struck by lightning than being compromised by a potential local vulnerability that isn't even in the wild.
..by a potential local vulnerability that isn't even in the wild
I would have to say that Fred is suggesting a reasonable level of concern.

If you have your own computer and are not sharing it with other users (on that system), then a local exploit is absolutely nothing to worry about; you wouldn't be trying to exploit your own system.

And even in the case that local users (other than yourself) were using the system; they would need that intention, to exploit/hack the system
--so it would be down to how trustworthy are those users

Post by linuxviolin »

Yes, I had understood well and I agree on the fact that the risk is minimal, it's "a reasonable level of concern" etc :-) but one does not leave a hole in a system, however small it can be. It's a way to think a little lax and I don't think it's not a good habit/practice to give to the users. Let it to Windows, and yet even Windows tries to correct them...

Your system has a hole, your distro gives you the patch, you apply it. Period.

P.S.= Plus, this can lead further later, in other occasions/situations. Hey, why not? Once you have accustomed, even advised people not to patch their systems, even for a reasonable reason... :roll: Do not open the door, please.

P.P.S.= It is always possible to have an untrustworthy user, maybe particularly with a laptop, that by definition you are lugging with you...

Post by vrkalak »

Since, all this kernel / security hole (however minor it may be) came about, my LinuxMint has had a few updates.
A couple of these updates were Kernel updates.

Was this particular fix/patch in there somewhere?
Has it been fixed by Debian/Ubuntu/LinuxMint techies already?

Post by linuxviolin »

vrkalak wrote: Since, all this kernel / security hole (however minor it may be) came about, my LinuxMint has had a few updates.
A couple of these updates were Kernel updates.

Was this particular fix/patch in there somewhere?
Has it been fixed by Debian/Ubuntu/LinuxMint techies already?
Well, Ubuntu supplies the kernel and they have issued updates for this vulnerability so far, so if as you say, you have "had a few updates. A couple of these updates were Kernel updates" and if you have made them, you should have the last updates and the last kernel, but you can check anyway, you can see at this (August 19, 2009): https://lists.ubuntu.com/archives/ubunt ... 00952.html So, normally no problem for you. :D

P.S.= Red Hat has labelled this security problem as "Important":
This update has been rated as having important security impact by the Red
Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
macro did not initialize the sendpage operation in the proto_ops structure
correctly. A local, unprivileged user could use this flaw to cause a local
denial of service or escalate their privileges. (CVE-2009-2692, Important)

* a flaw was found in the udp_sendmsg() implementation in the Linux kernel
when using the MSG_MORE flag on UDP sockets. A local, unprivileged user
could use this flaw to cause a local denial of service or escalate their
privileges. (CVE-2009-2698, Important)
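The question asked in the thread (did the kernel updates already installed include this fix?) can be checked by searching the installed kernel package's changelog for the two CVE ids quoted above. This is an added example, not part of any post in the thread; it assumes Debian/Ubuntu/Mint-style packaging where the changelog names fixed CVEs, the function names are hypothetical, and the sample changelog is constructed.

```shell
#!/bin/sh
# Report which CVE ids a kernel package changelog mentions.
# Assumption: the changelog lives at
#   /usr/share/doc/linux-image-$(uname -r)/changelog.Debian.gz

# cve_in_changelog FILE CVE -> 0 if CVE appears as a whole word in FILE,
# 1 if it does not, 2 if FILE is unreadable. FILE may be gzip or plain text.
cve_in_changelog() {
    _file=$1; _id=$2
    [ -r "$_file" ] || return 2
    case $_file in
        *.gz) gzip -dc -- "$_file" ;;
        *)    cat -- "$_file" ;;
    esac | grep -qwF -- "$_id"
}

# report_cves FILE CVE... -> one status line per id; returns the number
# of ids that were not found (an unreadable file counts as not found).
report_cves() {
    file=$1; shift
    missing=0
    for cve in "$@"; do
        if cve_in_changelog "$file" "$cve"; then
            echo "$cve mentioned in changelog"
        else
            echo "$cve NOT mentioned"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed changelog excerpt (not real package data) for offline testing.
sample_changelog() {
    cat <<'EOF'
linux (0.0.0-0.0) example; urgency=high

  * placeholder entry for a security fix
    - CVE-2009-2692
EOF
}

# Check the running kernel only when asked to: ./check-cve.sh --run
if [ "${1:-}" = "--run" ]; then
    report_cves "/usr/share/doc/linux-image-$(uname -r)/changelog.Debian.gz" \
        CVE-2009-2692 CVE-2009-2698
fi
```

An id reported as not mentioned is a prompt to read the distribution's security notice for the running kernel version, since a changelog can describe a fix without naming its CVE.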