Holes found in Linux Ubuntu kernel
Summary: Almost 40 vulnerabilities have been discovered in the kernel of Linux Ubuntu 10.04, also known as Lucid Lynx, which is a long-term support version of the operating system.
Almost 40 vulnerabilities have been discovered in the kernel of Linux Ubuntu 10.04, also known as Lucid Lynx, which is a long-term support version of the operating system.
The holes, which allow remote and local exploits, also apply to corresponding versions of Kubuntu, Edubuntu and Xubuntu. The vulnerabilities include an issue with the way the Common Internet File System validates Internet Control Message Protocol (ICMP) response packets. The issue allows an attacker to send denial-of-service crafted packets. In addition, a hole in the Network File System v4 (NFSv4) bungles certain write requests allowing malicious users to craft traffic to gain root privileges.
"If you block ICMP you will get UDP (User Datagram Protocol) trouble because it does not have reliability built into it. You will get ICMP messages back," Securus Global researcher Declan Ingram said. "Being able to cause a kernel panic with an ICMP unreachable message is bad."
For more on this story, read Ubuntu peppered with holes on ZDNet Australia.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
RE: Holes found in Linux Ubuntu kernel
RE: Holes found in Linux Ubuntu kernel
RE: Holes found in Linux Ubuntu kernel
Oh, I do. The ZDNet Australia story mentioned that they'd been fixed, although it manages to invite the reader to characterize the fixes as "onerous." The ZDNet America story is even more yellow in that it fails to mention the updates. Such coverage is *exactly* what we expect from this venue under its current ownership and management.
So what the story is actually saying
is that they knew about the vulrnerabilities for a while and didn't tell users how to protect themselves in the interm.
RE: Holes found in Linux Ubuntu kernel
RE: Holes found in Linux Ubuntu kernel
Guys, it is ZDNet's duty to report on security issues in Ubuntu / Linux,
RE: Holes found in Linux Ubuntu kernel
Someone (ZDNet) must have been asleep!
RE: Holes found in Linux Ubuntu kernel
This is a non-issue
LOL! Of course it's a non-issue.
Just update to the most recent kernel and you're safe.[/i]
However if the discuss were about Windows it would be yet another example of how bug ridden Windows is. Hypocrissy at its finest.
If this were a topic about Windows
I know, I have.
Some how I don't think you would.
I would say the same thing.[/i]
I don't see you anywhere to be found in the "MS Patch Tuesday heads-up: Critical flaws in Windows, Office" talkbacks saying the same thing. As a matter of fact I don't see you having posted there at all.
These past couple of weeks
RE: Holes found in Linux Ubuntu kernel
You did post several comments.
Microsoft Patch Tuesday: The bottom line, December 14, 2010, 1:01pm PST
How do you find those?
RE: Holes found in Linux Ubuntu kernel
Search: Microsoft Patch Tuesday
You comments back then in line to what you wrote above.
Guys, everybody relax, it is ZDNet's duty to report on Ubuntu / Linux. When
Yeah, but I just wanted to make sure it was known