Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

  1. #1
    Join Date
    Jan 2012
    Beans
    753

    Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    http://www.phoronix.com/scan.php?pag...tem&px=MTMxMTg

    What are the implications of this? Are all kernels, until 3.9 comes out (and I know Ubuntu/Kubuntu won't adopt the 3.9 kernel for quite a while) completely insecure? Or what versions of the other kernels have patches out that fix them?

  2. #2
    Join Date
    Jan 2009
    Location
    ::1
    Beans
    2,462

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    The article says:

    "The issue will be addressed in the Linux 3.9 kernel and should make it back to the latest stable point releases of the affected Linux kernel series."

    So I expect Canonical will apply the patch against supported kernels, and you will get the patched kernel via the Ubuntu usual update/upgrade process.

    My kernel on 12.10 is now "Linux R540 3.5.0-21-generic #32-Ubuntu SMP Tue Dec 11 18:51:59 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux"

    So: dated 11 December 2012, thus not yet patched (as the patch is newer than that) ... let's see if this kernel is upgraded in the coming days.

  3. #3
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    A fix has already been released.

    http://www.ubuntu.com/usn/usn-1750-1/

    http://www.ubuntu.com/usn/usn-1751-1/

    http://www.ubuntu.com/usn/usn-1749-1/

    http://people.canonical.com/~ubuntu-...2013-1763.html

    Linux is not Windows and in general patches are released much faster.

    You may wish to bookmark this page - http://www.ubuntu.com/usn

    In the future, it is worth searching that page for security bugs and fixes
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  4. #4
    Join Date
    Jan 2012
    Beans
    753

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    So if I'm using http://kernel.ubuntu.com/~kernel-ppa...3.6.3-quantal/, how do I upgrade to an invulnerable (is that the right word?) kernel version?

    Or if I have to go back to using an older kernel, how do I get it to roll out to me automatically? For some reason the PPA seems disabled because I haven't been receiving ANY kernel updates (which is why I have to do it manually now).

  5. #5
    Join Date
    Dec 2012
    Beans
    51

    Vulnerability in recent Linux kernels offers root rights

    An error in the handling of special netlink messages in the Linux kernel can allow a user to surreptitiously gain root privileges.
    For the full article, please click on the following link: http://www.h-online.com/security/new...s-1810597.html

    My question: has a patched been issued for Ubuntu 12.04 LTS and 12.10 to fix the above vulnerability?

  6. #6
    Join Date
    Mar 2008
    Beans
    1,219

    Re: Vulnerability in recent Linux kernels offers root rights

    12.04 uses kernel v3.2 by default.

  7. #7
    Join Date
    Apr 2005
    Location
    EU - UK
    Beans
    3,323
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Vulnerability in recent Linux kernels offers root rights

    Quote Originally Posted by regency View Post
    My question: has a patched been issued for Ubuntu 12.04 LTS and 12.10 to fix the above vulnerability?
    Yes.

  8. #8
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Vulnerability in recent Linux kernels offers root rights

    A good place to check if an exploit/bug has been fixed is Ubuntu Security Notices

  9. #9
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    You should be able to use any of the Raring kernels listed on the same page. In the Raring sub-forum we have posters that try every new mainline kernel as it's released, no matter what released Ubuntu version they are using.

  10. #10
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Merged two similar threads, after posting in both of them.

Page 1 of 3 123 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •