A pair of potential security vulnerabilities in the Linux kernel has been
patched with a new point release.
The two issues may affect all Linux Kernel versions prior to the patched
2.6.13.1, which was released late last week. The 2.6.13 kernel
was released just two weeks ago.
Neither of the vulnerabilities are reported to be remotely exploitable,
but could be exploited by a local attack to trigger a Denial-of-Service attack or possibly disclose sensitive information.
CAN-2005-2492 is titled, “raw_sendmsg DoS” and could potentially lead to
a memory read.
According to the change log for 2.6.13, “The result of the read is not
returned directly but you may be able to divine some information about it,
or use the read to cause a crash on some architectures by reading.”
CAN-2005-2490 is titled, “32bit sendmsg() flaw” which could allow for a
local attacker to gain root privileges and execute arbitrary commands with
those privileges.
Prior to the 2.6.13 release, the 2.6.12 release in June was in Junewas also plagued by a critical flaws that were fixed just days after the release.