Security flaws force Linux kernel upgrade

By Robert Lemos
Staff Writer, CNET News

Post a comment

Related Stories: Linux gets heart transplant with 2.6.0
December 17, 2003; Linux guru: Move quickly to new kernel
December 5, 2003; Flaw in Linux kernel allows attack
December 1, 2003

Open-source developers released a new version of the Linux kernel Monday in a move aimed at quickly fixing several bugs--among them two serious security flaws.

The 2.4.24 upgrade to the Linux kernel comes a month after the release of the previous version of the core system software and only includes patches for six software issues, including the two flaws.



		Get Up to Speed on... Open source Get the latest headlines and company-specific news in our expanded GUTS section.

The release is intended to prompt users to upgrade quickly, said Marcelo Tosatti, the maintainer of the 2.4 kernel series and a Linux developer for data center management company Cyclades.

"These security issues need to be fixed as soon as possible," Tosatti told CNET News.com in an interview Monday. As maintainer, Tosatti decides what changes can be made to the kernel and when to release new versions of the core system software for Linux.

The most serious flaw, which occurs in a function used by virtual memory, resembles a vulnerability fixed in late November that had been exploited by unknown attackers to control several key Linux servers open-source developers use. Both flaws allow an intruder to increase the privileges of a normal user account to the same level as the system's owner.

Tosatti said that once it became clear that the latest flaw could be used to circumvent security on Linux systems, he and other developers



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

decided to immediately release the fixes. The move follows decisions by the kernel developers to curtail new features in the 2.4 kernel series in order to get developers and users to move to the next generation of core Linux software, the 2.6 kernel. The final set of features that had been intended for this release of the kernel have been postponed until the next version, he said.

"It is good that I have the ability--because this is open source--to release the code so quickly," Tosatti said.

The second security flaw results in a device driver problem that could allow an intruder to read some memory the kernel uses.

The latest version of the kernel can be downloaded from Kernel.org. Patches for specific Linux distributions can be downloaded from their developers.

Latest tech news headlines

Inside the Apple, er, Microsoft Store
Posted in Beyond Binary by Ina Fried

December 1, 2009 4:00 AM PST
Man loses job after searching too hard for aliens
Posted in Technically Incorrect by Chris Matyszczyk

November 30, 2009 7:42 PM PST
Google hosts energy experts amid climate talks
Posted in Relevant Results by Tom Krazit

November 30, 2009 6:01 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Dow Jones Industrials (0.00%) 0.00 10,344.84; S&P 500 (0.00%) 0.00 1,095.63; NASDAQ (0.00%) 0.00 2,144.60; CNET TECH (0.00%) 0.00 1,574.88

Inside CNET News

Scroll Left Scroll Right

Technically Incorrect
Man loses job after searching too hard for aliens
An employee of an Arizona school district is asked to resign after school officials allege he had downloaded alien-seeking software to all the district's computers.
Gallery
App Store collector's items: 10 rarities (images)
The Open Road
Open source: No vow of poverty (or get-rich-quick scheme)
Open source is not a sure-fire way to get developers, income, or much of anything, but used right it can help to grow a proprietary software business. Go figure.
Beyond Binary
Inside the Apple, er, Microsoft Store
Although Redmond's foray into retail bears a big resemblance to Apple's approach, Microsoft has added some distinctive features to draw casual PC buyers and techies alike.
Video
A window into the Microsoft Store
Digital Media
The browser battles go on and on
roundup From Firefox to IE and from Chrome to Opera and Safari, there's no sitting still for browser makers looking to keep their products fresh and competitive.
Video
Google Chrome OS demonstration
Geek Gestalt
Nintendo primed for holiday console dominance
Based on Thanksgiving week numbers provided by Nintendo, an analyst has concludes that the Wii appears likely to have far outsold the Xbox and PS3 in November.
Cutting Edge
Inside CERN with a collider scientist
Crave UK chats with a particle physicist directly involved in the Large Hadron Collider experiments to get a sense of what it's like to work in a geek heaven.
Gallery
Noisebridge hacker collective (photos)
Crave
Crave giveaway of the day: Panasonic Lumix DMC-ZR1 digital camera
Today's Crave Giveaway is a Panasonic Lumix DMC-ZR1 digital camera.
Relevant Results
Google hosts energy experts amid climate talks
Next week, the international community plans to discuss climate change and green energy, and U.S. energy experts kicked things off at Google's offices Monday