New local root hole in linux kernel in kernels back to 2001

UPDATE: This exploit doesnt seem to affect my Debian Lenny, anyone else tried? Someone please confirm if the temp-fix does NOT work.

http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
http://www.theregister.co.uk/2009/08/14/critical_linux_bug/

Second time this summer linux kernel experiences big security holes. *shrug*
And this time around its for _ALL_ kernels all the way back to 2001.

Proposed temp-fix:
#!/bin/bash
# temp-fix until patched for
# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
# http://www.theregister.co.uk/2009/08/14/critical_linux_bug/
cd /lib/modules/$(uname -r)/kernel/ && \
for i in \
net/ipx/ipx.ko \
net/irda/irda.ko net/x25/x25.ko \
net/ax25/ax25.ko \
net/bluetooth/bluetooth.ko \
net/sctp/sctp.ko \
drivers/net/pppoe.ko \
drivers/net/pppox.ko;
do rm -f $i;done

This should hopefully solve this security hole until debian/other dists releases updates.

Tags: , , ,

Linux Kernel 2.6.27 released

A little bit late, but hey on the October 9th, 2.6.27 got released!
Are you one of us normal flesh and bones people not understanding crapshit of the changelogs and whats new in the kernel?
Then you should check out Kernel Newbies

Of rather nice features in this new kernel:
- new fs specially optimized for flash based units(SSD etc.) called UBIFS
- XEN support for saving/restoring VMs
- improved video camera support
- support for the Intel wireless 5000 series and RTL8187B network cards,
- a new ath9k driver
- alternative hibernation implementation based on kexec/kdump
- more new drivers +++ much more fixes and improvements

This kernel will be integrated in Ubuntu 8.10 released in the end of October.

Tags: ,