Linux Security Holes Opened and Closed

    Date: 23 Feb 2004
    Posted By: Anthony Pell
    In stark contrast to the long waits typical for Windows users wanting to patch software vulnerabilities, recently discovered security weaknesses in the core of the Linux operating system were addressed by major vendors in a matter of just a few days this week.

    Two security vulnerabilities in the Linux kernel's memory management code reported by security researcher iSEC were addressed and are now fixed in versions 2.4.25 and 2.6.3 of the Linux kernel. Linux vendors and distributors that have released fix updates include Red Hat, Novell's SuSE Linux and the Debian Project.

    Independent security expert Ryan Russell said that regardless of the Windows-Linux debate over which operating system is more secure, there is little doubt that open-source vendors respond more quickly when vulnerabilities emerge.

    "One area people can agree on is the open-source vendors do a much quicker job of making patches available," Russell told LinuxInsider. "Open-source vendors are producing the patches quicker. Even if not, as an open-source user, you have the opportunity to fix the problem yourself."

    Kernel Breach

    iSEC said the vulnerability was identified in the Linux kernel memory management code inside the mremap system call and was caused by a missing check of a function's return value. The security firm said the latest issue is not related to another memory-management code vulnerability disclosed earlier this year, which involved incorrect bounds checks.

    Although security experts downplayed the severity of the Linux holes reported this week, Russell said that because they were kernel-based, they were widespread among all Linux operating systems.

    "Being in the kernel makes it a little bit more universal," he said. "If you're running Linux, you do have the vulnerability unless you've upgraded to an updated version."
