I found this article . . . interesting!?!? To say the least.
Newly Discovered Linux Kernel Vulnerability Affects All Versions Since 2001
http://news.softpedia.com/news/Newly-Di ... 9281.shtml
How might this affect us? And does the LinuxMint team know?
Need to make sure this is patched/fixed in the newer versions of LM soon to come out.
Bad Kernel ... ?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Bad Kernel ... ?
I think Ubuntu has patched the kernel already. Since this vulnerability has been around for so long and has not been exploited I would not spend too much time worrying about it.
Re: Bad Kernel ... ?
vrkalak,
Keep in mind, this is a local vulnerability. Not a remote vulnerability. As long as you don't have untrusted users on your machine you don't have much to fear anyway.
I am not saying we should ignore these reports, but the fact of the matter is there are so few of them that they always get overblown coverage compared to Windows.
A single user desktop, not running a net facing server, on a DHCP connection has a greater chance of being struck by lightning than being compromised by a potential local vulnerability that isn't even in the wild.
Fred
- linuxviolin
- Level 8
- Posts: 2081
- Joined: Tue Feb 27, 2007 6:55 pm
- Location: France
Re: Bad Kernel ... ?
exploder wrote: I think Ubuntu has patched the kernel already. Since this vulnerability has been around for so long and has not been exploited I would not spend too much time worrying about it.
I guess Ubuntu has produced a new kernel patched fairly recently, but it is still necessary that the user has installed it...
Fred, I don't agree with you, for once. How can you say to people: your system is vulnerable but it's not a big security hole, a local one, one that you may never meet, so don't apply the patch!? It's neither a good security policy nor good advice for the (new) users, particularly on a Unix system. The kernel is not the least important thing in the OS, so even if the problem is "light" it must be patched. It is not possible, not good, to leave people with potentially vulnerable systems, even for a "little" local problem. Plus, it is a bad habit to give to new users.
When a security hole is found, whatever it is, and your distro gives you a security update for it, apply it!
P.S.= I know, I again play the ugly little duck...
K.I.S.S. ===> "Keep It Simple, Stupid"
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)
Re: Bad Kernel ... ?
Fred wrote: A single user desktop, not running a net facing server, on a DHCP connection has a greater chance of being struck by lightning than being compromised by a potential local vulnerability that isn't even in the wild.
..by a potential local vulnerability that isn't even in the wild
I would have to say that Fred is suggesting a reasonable level of concern
If you have your own computer and are not sharing it with other users (on that system), then a local exploit is absolutely nothing to worry about, you wouldn't be trying to exploit your own system
And even in the case that local users (other than yourself) were using the system; they would need that intention, to exploit/hack the system
--so it would be down to how trustworthy are those users
- linuxviolin
Re: Bad Kernel ... ?
Yes, I had understood well and I agree on the fact that the risk is minimal, it's "a reasonable level of concern" etc. but one does not leave a hole in a system, however small it may be. It's a slightly lax way of thinking and I don't think it's a good habit/practice to give to the users. Leave it to Windows, and yet even Windows tries to correct them...
Your system has a hole, your distro gives you the patch, you apply it. Period.
P.S.= Plus, this can lead further later, in other occasions/situations. Hey, why not? Once you have accustomed, even advised people not to patch their systems, even for a reasonable reason... Do not open the door, please.
P.P.S.= It is always possible to have an untrustworthy user, maybe particularly with a laptop, that by definition you are lugging with you...
Re: Bad Kernel ... ?
Since, all this kernel / security hole (however minor it may be) came about, my LinuxMint has had a few updates.
A couple of these updates were Kernel updates.
Was this particular fix/patch in there somewhere?
Has it been fixed by Debian/Ubuntu/LinuxMint techies already?
- linuxviolin
Re: Bad Kernel ... ?
vrkalak wrote: Since, all this kernel / security hole (however minor it may be) came about, my LinuxMint has had a few updates. A couple of these updates were Kernel updates. Was this particular fix/patch in there somewhere? Has it been fixed by Debian/Ubuntu/LinuxMint techies already?
Well, Ubuntu supplies the kernel and they have issued updates for this vulnerability so far, so if as you say, you have "had a few updates. A couple of these updates were Kernel updates" and if you have made them, you should have the last updates and the last kernel, but you can check anyway, you can see at this (August 19, 2009): https://lists.ubuntu.com/archives/ubunt ... 00952.html So, normally no problem for you.
P.S.= Red Hat has labelled this security problem as "Important":
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
These updated packages fix the following security issues:
* a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
macro did not initialize the sendpage operation in the proto_ops structure
correctly. A local, unprivileged user could use this flaw to cause a local
denial of service or escalate their privileges. (CVE-2009-2692, Important)
* a flaw was found in the udp_sendmsg() implementation in the Linux kernel
when using the MSG_MORE flag on UDP sockets. A local, unprivileged user
could use this flaw to cause a local denial of service or escalate their
privileges. (CVE-2009-2698, Important)