ALERT: Urgent - Kernel Security Advisory
Date: Thursday, December 04 @ 11:42:42 CET
Topic: Security


A very serious Kernel Security Advisory has been issued that could allow hackers to gain access to the root directory though a kernel exploit.

Details:

Updated kernel packages are now available that contain fixes for security vulnerabilities as well as fixes for bugs in the audigy, cmd640 IDE, and USB drivers.

The Linux kernel handles the basic functions of the operating system.

Several security issues have been found that affect the Linux kernel:

Al Viro found a security issue in the tty layer whereby any user could cause a kernel oops. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0247 to this issue.

Andrea Arcangeli found an issue in the low-level mxcsr code in which a malformed address would leave garbage in cpu state registers. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0248 to this issue.

The TCP/IP fragment reassembly handling allows remote attackers to cause a denial of service (CPU consumption) via packets that cause a large number of hash table collisions, a vulnerability similar to CAN-2003-0244. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0364 to this issue.

It is recommended that users upgrade to these erratum kernels, which contain patches to correct these vulnerabilities. In addition, these kernels fix a number of bugs:

Driver bugs fixes are included for the Silicon Image IDE driver, the USB ohci driver, the Audigy driver, and the driver for the Olympus Camedia digital camera.

Information and how to patch the kernel along with important links to related websites and discussion threads can be found here at LearningLinux.com: http://www.learninglinux.com/article-437--0-0.html





This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=1099