LinuxQuestions.org - Kernel 2.6.13.1 fixes a couple security flaws.

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Kernel 2.6.13.1 fixes a couple security flaws. (https://www.linuxquestions.org/questions/linux-security-4/kernel-2-6-13-1-fixes-a-couple-security-flaws-363069/)

Kernel 2.6.13.1 fixes a couple security flaws.

The two flaws apparently affects all kernels prior to 2.6.13.1.

CAN-2005-2492 is titled, "raw_sendmsg DoS" and could potentially lead to a memory read. According to the change log for 2.6.13, "The result of the read is not returned directly but you may be able to divine some information about it, or use the read to cause a crash on some architectures by reading."

CAN-2005-2490 is titled, "32bit sendmsg() flaw" which could allow for a local attacker to gain root privileges and execute arbitrary commands with those privileges.

http://www.internetnews.com/dev-news...le.php/3548031

$ uname -a
Linux spongebob 2.6.13.1 #1 Tue Sep 13 00:07:46 EST 2005 i686 GNU/Linux

Thanks. Stickied until the next LQ Sec report.

FYI, beginning with the 2.6.13 kernel, udev is a requirement for installing the kernel. If you have an older OS w/out udev, you won't be able to upgrade to this series.