Linux gets fix for code-execution flaw that was undetected since 2009

Posted by BernardSwiss on May 13, 2014 5:15 AM EDT
Ars Technica; By Dan Goodin
Mail this story
Print this story

Maintainers of the Linux kernel have patched one of the more serious security bugs to be disclosed in the open source operating system in recent months. The five-year-old code-execution hole leaves computers used in shared Web hosting services particularly vulnerable, so users and administrators should make sure systems are running updated versions that contain a fix.

The memory-corruption vulnerability, which was introduced in version 2.6.31-rc3, released no later than 2009, allows unprivileged users to crash or execute malicious code on vulnerable systems, according to the notes accompanying proof-of-concept code available here. The flaw resides in the n_tty_write function controlling the Linux pseudo tty device.

Full Story

» Read more about: Story Type: News Story, Security; Groups: Kernel, Linux

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.