February 19, CNET News.com
Three separate security flaws could be used by an ordinary user to gain total control of a Linux server or workstation, security researchers have warned. Two of the vulnerabilities lie in the way the Linux kernel - the core of the open−source operating system - manages memory. They affect all current versions of Linux, according to advisories released on Wednesday by iSEC Security Research, a Polish security company. The third flaw affects the module for the kernel that supports ATI Technologies' Rage 128−bit video card. Because Linux is frequently used on shared servers, security holes that allow a user to expand their access rights on a computer are serious, said Alfred Huger of Symantec. However, they are not as critical as flaws that allow an outsider to compromise the computer, he said. The Linux Kernel Project released a new version of the 2.4 series kernel - version 2.4.25 - to fix the vulnerability. Linux companies and projects that package their own version of Linux have rushed to deliver updates. Red Hat, Novell's SuSE Linux, Debian and other Linux distributions had released fixes by Thursday, February 19.
Source:
http://news.com.com/2100−1002_3−5162055.html?tag=nefd_top
Three separate security flaws could be used by an ordinary user to gain total control of a Linux server or workstation, security researchers have warned. Two of the vulnerabilities lie in the way the Linux kernel - the core of the open−source operating system - manages memory. They affect all current versions of Linux, according to advisories released on Wednesday by iSEC Security Research, a Polish security company. The third flaw affects the module for the kernel that supports ATI Technologies' Rage 128−bit video card. Because Linux is frequently used on shared servers, security holes that allow a user to expand their access rights on a computer are serious, said Alfred Huger of Symantec. However, they are not as critical as flaws that allow an outsider to compromise the computer, he said. The Linux Kernel Project released a new version of the 2.4 series kernel - version 2.4.25 - to fix the vulnerability. Linux companies and projects that package their own version of Linux have rushed to deliver updates. Red Hat, Novell's SuSE Linux, Debian and other Linux distributions had released fixes by Thursday, February 19.
Source:
http://news.com.com/2100−1002_3−5162055.html?tag=nefd_top