What is known in MX of this new vulnerability of Linux kernels prior to 5.0.8?
"Apart from Intel's new fudge and its consequences, it has discovered another exclusive Linux vulnerability rated as serious that would affect all versions of the kernel prior to 5.0.8. The information in this regard points to the module rds_tcp_kill_sock in net / rds / tcp.c and would allow an attacker to execute code remotely.
The bad news in this case is that there is still no patch for all the current versions of the kernel; the good, that the probability of exploiting the vulnerability is very low, due to the difficulty of the process. On the other hand, from Canonical comment that no evidence has yet been detected to certify that it is a remotely exploitable vulnerability, which, at least for the moment, takes away the issue iron."
Here I leave the link of the information:
https://www.muylinux.com/2019/05/15/vul ... oad-linux/
New Vulnerability
Re: New Vulnerability
Waiting on the patches, I imagine.
Apparently more serious on multi-user systems.
See this thread: Zombie load
http://forum.mxlinux.org/viewtopic.php? ... 1ce1449848
Apparently more serious on multi-user systems.
See this thread: Zombie load
http://forum.mxlinux.org/viewtopic.php? ... 1ce1449848
Last edited by Richard on Wed May 15, 2019 1:30 pm, edited 3 times in total.
Thinkpad T430 & Dell Latitude E7450, both with MX-21.3.1
kernal 5.10.0-26-amd64 x86_64; Xfce-4.18.0; 8 GB RAM
Intel Core i5-3380M, Graphics, Audio, Video; & SSDs.
kernal 5.10.0-26-amd64 x86_64; Xfce-4.18.0; 8 GB RAM
Intel Core i5-3380M, Graphics, Audio, Video; & SSDs.
- Head_on_a_Stick
- Posts: 919
- Joined: Sun Mar 17, 2019 3:37 pm
Re: New Vulnerability
The Debian stable kernel is fixed but the intel-microcode package needs to be installed as well:
https://lists.debian.org/debian-securit ... 00090.html
mod note: Signature removed, please read the forum rules
Re: New Vulnerability
For good or bad, it's preinstalled in MX and all should get the upgrade. I just sent up the backported Sid 4.19.37-2 kernel for the main MX 17 repo which also contains the fixes. Or there's the newer Liquorix kernels--now based on 5.0.16.
Re: New Vulnerability
There are no known in-the-wild exploits. See the discussion at: viewtopic.php?f=6&p=503002#p503002