RealTime IT News

Linux Kernel Point Release Fixes Flaws

It's a familiar refrain. A new Linux kernel is released and a short time later it's augmented by a point release that addresses a potential security vulnerability.

The new 2.6.16.1 Linux kernel point release follows the 2.6.16 release by a week and includes various bug fixes, as well as a fix for a potential security vulnerability.

The potential vulnerability is called the "Linux Kernel IP ID Value Increment Weakness" by security firm Secunia and carries a "not-critical" rating.

The "weakness" could potentially have allowed unauthorized disclosure of system information, as well as a bypass of security restrictions. The problem is due to an error in the "ip_push_pending_frames()" function, which has been corrected in the new point release.

There are also some 22 other patches in 2.6.16.1 fixing an array of issues that caused various minor hang-ups and unexpected behaviors.

Point releases following major releases are a common occurrence for the current 2.6.x development train.

The 2.6.15 kernel was patched barely two weeks after its release, fixing three potential security vulnerabilities.

The 2.6.13 kernel was patched shortly after its release for two vulnerabilities. And just days after the 2.6.12 kernel was released, it was patched for two issues as well.