'

MandrakeSoft withdraws 'unsafe' Linux update

The Linux distributor has advised users not to install a recent upate to the Mandrake Linux 9.1 kernel, after discovering a serious flaw

MandrakeSoft has advised users of its Mandrake Linux 9.1 operating system not to install a security update released on Sunday due to a serious security bug in the update. If users have already installed the update, MandrakeSoft urged them to downgrade to a previous version if possible.

The unusual warning concerned a routine security update to the kernel, or core, of Mandrake Linux 9.1 released at the beginning of this week. On Tuesday, the company warned that the kernel update was not safe, as it was creating files that could be altered by any user.

"The regular kernel (kernel-2.4.21.0.24mdk) has a problem where it is ignoring umask settings and instead is creating files with mode 0666 (world writeable)," wrote MandrakeSoft security update manager Vincent Danen to a Mandrake security mailing list. He said MandrakeSoft's secure and enterprise kernels were not affected by the bugs.

The updated kernel, kernel-2.4.21.0.24mdk, should be rolled back to kernel 18mdk or 13mdk if possible, or swapped for the secure kernel, Danen said. MandrakeSoft said it was working on a fix for the 24mdk kernel, and said it expected to release the fix on Friday.

The latest kernel update fixed several software bugs and security holes.


For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.