Linux.com

Home News Software Linux Kernel Development Linux Gets Fix for Code-Execution Flaw that Went Unpatched Since 2009

Linux Gets Fix for Code-Execution Flaw that Went Unpatched Since 2009

Maintainers of the Linux kernel have patched one of the more serious security bugs to be disclosed in the open source operating system in recent months. The five-year-old code-execution hole leaves computers used in shared Web hosting services particularly vulnerable, so users and administrators should make sure systems are running updated versions that contain a fix.

The memory-corruption vulnerability, which was introduced in version 2.6.31-rc3, released no later than 2009, allows unprivileged users to crash or execute malicious code on vulnerable systems, according to the notes accompanying proof-of-concept code available here. The flaw resides in the n_tty_write function controlling the Linux pseudo tty device.

Read 3 remaining paragraphs | Comments

Read more at Ars Technica
 

Comments

Subscribe to Comments Feed

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board