posted by CoolHand on Monday October 01 2018, @03:39PM

Android, Debian and Ubuntu users are still at risk.

https://threatpost.com/another-linux-kernel-bug-surfaces-allowing-root-access/137800/

A high-severity cache invalidation bug in the Linux kernel has been uncovered, which could allow an attacker to gain root privileges on the targeted system.

This is the second kernel flaw in Linux to debut in the last week; a local-privilege escalation issue was also recently discovered.

The flaw (CVE-2018-17182), which exists in Linux memory management in kernel versions 3.16 through 4.18.8, can be exploited in many different ways, “even from relatively strongly sandboxed contexts,” according to Jann Horn, a researcher with Google Project Zero.

The Linux team fixed the problem in the upstream kernel tree within two days of Horn responsibly reporting it on Sept. 18, which Horn said was “exceptionally fast, compared to the fix times of other software vendors.”

The bad news is that Debian stable and Ubuntu releases 16.04 and 18.04 have not yet patched the vulnerability – and Android users remain at risk.

“Android only ships security updates once a month,” Horn said, in a blog post on the flaw this week. “Therefore, when a security-critical fix is available in an upstream stable kernel, it can still take weeks before the fix is actually available to users—especially if the security impact is not announced publicly.”

The Flaw

-- submitted from IRC


  • (Score: 2) by datapharmer on Monday October 01 2018, @05:05PM (6 children)

    by datapharmer (2702) on Monday October 01 2018, @05:05PM (#742360)

    So who introduced the bug and was it an honest mistake or an "honest mistake" **wink wink**?

  • (Score: -1, Troll) by Anonymous Coward on Monday October 01 2018, @05:34PM (4 children)

    by Anonymous Coward on Monday October 01 2018, @05:34PM (#742370)

    Neither. It was time-traveling SJWs doing a victory lap after-before successfully completing the temporal incursions necessary to create a timeline where a CoC will has been adopted in the second half of 2018!

    • (Score: 2) by takyon on Monday October 01 2018, @05:44PM (3 children)

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Monday October 01 2018, @05:44PM (#742373) Journal

      There's an article coming out in an hour and a half that I think you'll love.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 0) by Anonymous Coward on Monday October 01 2018, @06:08PM (2 children)

        by Anonymous Coward on Monday October 01 2018, @06:08PM (#742386)

        Oooh, robot brothels!

        That's a thread I'm going to skip. Well, I don't know. Nothing is as fun as it used to be. I haven't even been playing video games the past few weeks. Been crying for no reason, and it's been getting more frequent. I had something that made life... acceptable, but it ran out. Probably not what you're thinking. Just holding on until I have some more in a few weeks. Then I will be able to resume my credible impression of that dog drinking coffee in his kitchen while his house is burning down.

  • (Score: 0) by Anonymous Coward on Monday October 01 2018, @06:53PM

    by Anonymous Coward on Monday October 01 2018, @06:53PM (#742413)

    HM (honest mistake) and HMWW (honest mistake wink wink) are not three letters, so we must be 'safe.' :)
    Just minutes ago, Mint updated to 4.15.0-36 ... a few steps behind any fix to the 4.18 series. Hardly anyone can keep up with this anymore. sigh.