Kernel vulnerability discovered

Chat about anything related to Linux Mint
dee.
Level 4
Level 4
Posts: 240
Joined: Sun Jan 20, 2013 6:29 pm

Kernel vulnerability discovered

Postby dee. » Thu Feb 28, 2013 5:01 am

http://www.phoronix.com/scan.php?page=n ... px=MTMxMTg

The article says this recently uncovered exploit affects kernels from 3.3 and up, but other sources claim earlier kernels are also affected.

Which is true and is this something a Mint user should worry about much? Here's hoping this gets fixed quickly and a kernel update is soon to come into the repositories.

Some even theorize this exploit was purposely planted to the kernel by CIA or something (seems pretty far out, but these days, who knows...)


edit: appears this exploit has already been patched. Anyone know when the kernel update comes to Mint or if it has come already?

User avatar
eanfrid
Level 7
Level 7
Posts: 1865
Joined: Mon Apr 30, 2012 2:49 am
Location: FR

Re: Kernel vulnerability discovered

Postby eanfrid » Thu Feb 28, 2013 5:06 am

The fixed kernel 3.5.0-25 is already available in the repos since a couple of days ;)

Code: Select all

3.5.0-25-generic #39~precise1-Ubuntu SMP Tue Feb 26 00:07:14 UTC 2013 x86_64
Main desktop: Debian GNU/Linux Jessie 64bit - MATE
(i5 2400@3.7GHz - 16GB DDR3 - HD6770 w/radeon driver - SSD+RAID1)
Safer than Dropbox

dee.
Level 4
Level 4
Posts: 240
Joined: Sun Jan 20, 2013 6:29 pm

Re: Kernel vulnerability discovered

Postby dee. » Thu Feb 28, 2013 10:05 am

eanfrid wrote:The fixed kernel 3.5.0-25 is already available in the repos since a couple of days ;)

Code: Select all

3.5.0-25-generic #39~precise1-Ubuntu SMP Tue Feb 26 00:07:14 UTC 2013 x86_64


Ok that's nice.

So what about the 3.2 kernel, I assume it's not affected by this exploit?

Monsta
Level 9
Level 9
Posts: 2938
Joined: Fri Aug 19, 2011 3:46 am

Re: Kernel vulnerability discovered

Postby Monsta » Thu Feb 28, 2013 12:32 pm

dee. wrote:So what about the 3.2 kernel, I assume it's not affected by this exploit?

Looks like it's not.

Did you even try to run the exploit on a v3.2 kernel? Or even more
simple, looked at the code of a v3.2 kernel? There is no sock_diag
anywhere in the kernel; there is only inet_diag. And inet_diag hadn't
and still does not have the out-of-bounds access issue. So no, this
bug is non-existent on a v3.2 kernel.

- from http://seclists.org/oss-sec/2013/q1/432

dee.
Level 4
Level 4
Posts: 240
Joined: Sun Jan 20, 2013 6:29 pm

Re: Kernel vulnerability discovered

Postby dee. » Thu Feb 28, 2013 2:11 pm

Yeah, looks good.


Return to “Chat about Linux Mint”

Who is online

Users browsing this forum: b2a8r1 and 0 guests