Unpatched major kernel

eldavojohn writes

"On June 17th, the X.org team was notified by Invisible Things Lab of
a critical security flaw (PDF) that affected both x86_32 and x86_64
platforms. The flaw deals with escalated privileges of a user process
that has access to the X server. The founder of ITL said of the flaw,
'The attack allows a (unprivileged) user process that has access to
the X server (so, any GUI application) to unconditionally escalate to
root (but again, it doesn't take advantage of any bug in the X
server!). In other words: any GUI application (think e.g. sandboxed
PDF viewer), if compromised (e.g. via malicious PDF document) can
bypass all the Linux fancy security mechanisms, and escalate to root,
and compromise the whole system.' This has apparently been a security
flaw since kernel 2.6 was released. From the article, 'On 13 August,
Linus Torvalds committed an initial fix, but several patches were
added afterward for various reasons. The problem has been addressed in
versions 2.6.27.52, 2.6.32.19, 2.6.34.4 and 2.6.35.2 of the kernel.'"

http://tech.slashdot.org/story/10/08/18/1534258/Linux-Xorg-Critical-Security-Flaw-Silently-Patched

==============

August 13 is 10 days ago. Kernel.org now says the latest stable version is:

stable:  	2.6.32.20  	2010-08-20

http://www.all.kernel.org/

It was out 3 days ago.

Any reason Fedora is not updating the kernel on what looks like a major flaw?