Kernel vulnerability discovered

Chat about anything related to Linux Mint

Kernel vulnerability discovered

Postby dee. on Thu Feb 28, 2013 5:01 am

http://www.phoronix.com/scan.php?page=n ... px=MTMxMTg

The article says this recently uncovered exploit affects kernels from 3.3 and up, but other sources claim earlier kernels are also affected.

Which is true and is this something a Mint user should worry about much? Here's hoping this gets fixed quickly and a kernel update is soon to come into the repositories.

Some even theorize this exploit was purposely planted to the kernel by CIA or something (seems pretty far out, but these days, who knows...)


edit: appears this exploit has already been patched. Anyone know when the kernel update comes to Mint or if it has come already?
dee.
Level 4
Level 4
 
Posts: 241
Joined: Sun Jan 20, 2013 6:29 pm

Linux Mint is funded by ads and donations.
 

Re: Kernel vulnerability discovered

Postby eanfrid on Thu Feb 28, 2013 5:06 am

The fixed kernel 3.5.0-25 is already available in the repos since a couple of days ;)
Code: Select all
3.5.0-25-generic #39~precise1-Ubuntu SMP Tue Feb 26 00:07:14 UTC 2013 x86_64
Main desktop: Debian GNU/Linux Wheezy 64bit w/custom 3.14 longterm kernel - MATE 1.8.1
(i5 2400@3.7GHz - 16GB DDR3 - HD6770 w/radeon driver - SSD+RAID1)
User avatar
eanfrid
Level 7
Level 7
 
Posts: 1533
Joined: Mon Apr 30, 2012 2:49 am
Location: there is no place like ~

Re: Kernel vulnerability discovered

Postby dee. on Thu Feb 28, 2013 10:05 am

eanfrid wrote:The fixed kernel 3.5.0-25 is already available in the repos since a couple of days ;)
Code: Select all
3.5.0-25-generic #39~precise1-Ubuntu SMP Tue Feb 26 00:07:14 UTC 2013 x86_64


Ok that's nice.

So what about the 3.2 kernel, I assume it's not affected by this exploit?
dee.
Level 4
Level 4
 
Posts: 241
Joined: Sun Jan 20, 2013 6:29 pm

Re: Kernel vulnerability discovered

Postby Monsta on Thu Feb 28, 2013 12:32 pm

dee. wrote:So what about the 3.2 kernel, I assume it's not affected by this exploit?

Looks like it's not.

Did you even try to run the exploit on a v3.2 kernel? Or even more
simple, looked at the code of a v3.2 kernel? There is no sock_diag
anywhere in the kernel; there is only inet_diag. And inet_diag hadn't
and still does not have the out-of-bounds access issue. So no, this
bug is non-existent on a v3.2 kernel.

- from http://seclists.org/oss-sec/2013/q1/432
Monsta
Level 8
Level 8
 
Posts: 2319
Joined: Fri Aug 19, 2011 3:46 am

Re: Kernel vulnerability discovered

Postby dee. on Thu Feb 28, 2013 2:11 pm

Yeah, looks good.
dee.
Level 4
Level 4
 
Posts: 241
Joined: Sun Jan 20, 2013 6:29 pm


Return to Chat about Linux Mint

Who is online

Users browsing this forum: No registered users and 1 guest

cron