April 12th, 2006 by Keith

Linux Kernel 2.6.16.4 – Security Patch

Posted in Development Software, Linux, Site News


The latest stable release of the Linux kernel is version 2.6.16.4, released on April 11, 2006. The change log is located here.

According to Security Lab, Linux machines running kernel 2.6.x are affected by a major security issue: a local DoS (denial-of-service) vulnerability.


The article describes the problem as follows:
The problem lies in sys_timer_create() in Linux/kernel/posix-timers.c. Each time a user creates a posix timer, some kernel memory is allocated. Since the count of timers that can be created by a user is limited only by sigqueue size (ex. 4294967295 in Debian), every local user can exhaust all available memory, which will trigger oom_killer (mm/oom_kill.c). If a process itself uses a small amount of memory, its oom_score will be low, so all other processes would be killed.

The change log for Linux kernel version 2.6.16.3 consists of a single patch for what initially appears to be an issue in the key management code. The 4th stable release, 2.6.16.4, patches the RCU signal handling.
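
As an added example (not from the original post or the kernel project), the Python sketch below audits the SigQ line of /proc/<pid>/status, which proc(5) documents as queued signals over the queued-signal limit for the process's real user ID. It flags processes whose limit is effectively unbounded, like the Debian figure quoted above, or whose usage is close to the limit. The sample status text and both thresholds are constructed assumptions.

```python
import os
import re

# Constructed sample /proc/<pid>/status excerpts (not captured from a real host).
SAMPLE_STATUS = {
    1201: "Name:\tsshd\nUid:\t0\t0\t0\t0\nSigQ:\t0/15635\n",
    4410: "Name:\tjob\nUid:\t1000\t1000\t1000\t1000\nSigQ:\t15012/15635\n",
    4522: "Name:\tlegacy\nUid:\t1001\t1001\t1001\t1001\nSigQ:\t3/4294967295\n",
}

UID_RE = re.compile(r"^Uid:\s*(\d+)", re.M)
SIGQ_RE = re.compile(r"^SigQ:\s*(\d+)/(\d+)\s*$", re.M)

def parse_status(text):
    """Return (real_uid, queued, limit), or None if either field is missing."""
    uid, sigq = UID_RE.search(text), SIGQ_RE.search(text)
    if not uid or not sigq:
        return None
    return int(uid.group(1)), int(sigq.group(1)), int(sigq.group(2))

def audit(statuses, max_sane_limit=65536, usage_alert=0.8):
    """Flag oversized limits or usage near the limit; thresholds are assumptions."""
    findings = []
    for pid, text in sorted(statuses.items()):
        parsed = parse_status(text)
        if parsed is None:
            continue
        uid, queued, limit = parsed
        if limit > max_sane_limit:
            findings.append((pid, uid, "limit-too-high"))
        elif limit and queued / limit >= usage_alert:
            findings.append((pid, uid, "near-limit"))
    return findings

def read_live_statuses(proc="/proc"):
    """Collect status text for every readable PID; processes may exit mid-scan."""
    out = {}
    for name in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, name, "status")) as fh:
                out[int(name)] = fh.read()
        except OSError:
            continue
    return out

if __name__ == "__main__":
    for finding in audit(SAMPLE_STATUS):
        print(finding)
```

On a live host, pass `read_live_statuses()` to `audit()` instead of the sample data.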
