Welcome!

The kernel problem with recent updates has been solved. Find the solution here

Important information
-- Required MX 15/16 Repository Changes
-- Information on torrent hosting changes
-- Information on MX15/16 GPG Keys
-- Spectre and Meltdown vulnerabilities

News
-- Introducing our new Website
-- MX Linux on social media: here

Current releases
-- MX-18.3 Point Release release info here
-- Migration Information to MX-18 here
-- antiX-17.4.1 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

New Vulnerability

Post Reply
napsix65
Forum Novice
Forum  Novice
Posts: 50
Joined: Sun Mar 05, 2017 6:15 pm

New Vulnerability

#1

Post by napsix65 » Wed May 15, 2019 1:16 pm

What is known in MX of this new vulnerability of Linux kernels prior to 5.0.8?

"Apart from Intel's new fudge and its consequences, it has discovered another exclusive Linux vulnerability rated as serious that would affect all versions of the kernel prior to 5.0.8. The information in this regard points to the module rds_tcp_kill_sock in net / rds / tcp.c and would allow an attacker to execute code remotely.

The bad news in this case is that there is still no patch for all the current versions of the kernel; the good, that the probability of exploiting the vulnerability is very low, due to the difficulty of the process. On the other hand, from Canonical comment that no evidence has yet been detected to certify that it is a remotely exploitable vulnerability, which, at least for the moment, takes away the issue iron."

Here I leave the link of the information:

https://www.muylinux.com/2019/05/15/vul ... oad-linux/

User avatar
Richard
Posts: 2843
Joined: Fri Dec 12, 2008 10:31 am

Re: New Vulnerability

#2

Post by Richard » Wed May 15, 2019 1:22 pm

Waiting on the patches, I imagine.

Apparently more serious on multi-user systems.

See this thread: Zombie load
http://forum.mxlinux.org/viewtopic.php? ... 1ce1449848
Last edited by Richard on Wed May 15, 2019 1:30 pm, edited 3 times in total.
LT: MX18.3: Thinkpad T430: DualCore, Intel i5-3320M, Ivy Bridge; 8GB RAM; 4.19.0-5-amd64; 119GB SSD 840PRO, Intel Graphics-Audio-Network

NB: antiX19b2full-xfce; MX18.3: AsusTek EeePC 1005HA: Intel DualCore Atom N270, 1GB RAM, 4.19.0-5-686, 150GB HDD

User avatar
Head_on_a_Stick
Forum Regular
Forum Regular
Posts: 490
Joined: Sun Mar 17, 2019 3:37 pm

Re: New Vulnerability

#3

Post by Head_on_a_Stick » Wed May 15, 2019 1:23 pm

napsix65 wrote:
Wed May 15, 2019 1:16 pm
Linux kernels prior to 5.0.8
The Debian stable kernel is fixed but the intel-microcode package needs to be installed as well:

https://lists.debian.org/debian-securit ... 00090.html
"Direct action is the logical, consistent method of anarchism." — Emma Goldman

User avatar
Stevo
Developer
Posts: 20143
Joined: Fri Dec 15, 2006 8:07 pm

Re: New Vulnerability

#4

Post by Stevo » Wed May 15, 2019 10:20 pm

For good or bad, it's preinstalled in MX and all should get the upgrade. I just sent up the backported Sid 4.19.37-2 kernel for the main MX 17 repo which also contains the fixes. Or there's the newer Liquorix kernels--now based on 5.0.16.

User avatar
figueroa
Forum Regular
Forum Regular
Posts: 403
Joined: Fri Dec 21, 2018 12:20 am

Re: New Vulnerability

#5

Post by figueroa » Fri May 17, 2019 11:36 am

There are no known in-the-wild exploits. See the discussion at: viewtopic.php?f=6&p=503002#p503002
Andy Figueroa
Using Unix from 1984; GNU/Linux from 1993

Post Reply

Return to “General”