New Linux Kernel Patched
A pair of potential security vulnerabilities in the Linux kernel has been patched with a new point release.
The two issues may affect all Linux kernel versions prior to the patched 220.127.116.11, which was released late last week. The 2.6.13 kernel was released just two weeks ago.
Neither of the vulnerabilities is reported to be remotely exploitable, but they could be exploited by a local attacker to trigger a denial of service or possibly disclose sensitive information.
CAN-2005-2492 is titled "raw_sendmsg DoS" and could potentially lead to a memory read. According to the change log for 2.6.13, "The result of the read is not returned directly but you may be able to divine some information about it, or use the read to cause a crash on some architectures by reading."
CAN-2005-2490 is titled "32bit sendmsg() flaw" and could allow a local attacker to gain root privileges and execute arbitrary commands with those privileges.