≡ Menu


Security Alert: Ubuntu Linux kernel vulnerabilities

Ubuntu Linux today pushed out a new version of Linux kernel to fix serval local and remote security issues. A malicious CIFS server could cause a client system crash or possibly execute arbitrary code with kernel privileges. On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. This security issue affects the following Ubuntu, Kubuntu, Edubuntu, and Xubuntu. releases:

=> Ubuntu 6.06 LTS
=> Ubuntu 7.04
=> Ubuntu 7.10

To fix this issue type the following two commands:
$ sudo apt-get update
$ sudo apt-get upgrade

You need to reboot your computer to effect the necessary changes, enter:
$ sudo reboot

Sysadmin because even developers need heroes!!!

GCC Compiler 4.3.0 exposes a Linux / BSD kernel bug

Since version 4.3, gcc changed its behavior concerning the x86/x86-64 ABI and the direction flag, that is it now assumes that the direction flag is cleared at the entry of a function and it doesn’t clear once more if needed. According to LWN article GCC 4.3.0 exposes a kernel bug:

A change to GCC for a recent release coupled with a kernel bug has created a messy situation, with possible security implications. GCC changed some assumptions about x86 processor flags, in accordance with the ABI standard, that can lead to memory corruption for programs built with GCC 4.3.0. No one has come up with a way to exploit the flaw, at least yet, but it clearly is a problem that needs to be addressed.

=> GCC 4.3.0 exposes a kernel bug (via ./)