New Vulnerability

Post Reply
Message
Author
napsix65
Posts: 42
Joined: Sun Mar 05, 2017 6:15 pm

New Vulnerability

#1 Post by napsix65 »

What is known in MX of this new vulnerability of Linux kernels prior to 5.0.8?

"Apart from Intel's new fudge and its consequences, it has discovered another exclusive Linux vulnerability rated as serious that would affect all versions of the kernel prior to 5.0.8. The information in this regard points to the module rds_tcp_kill_sock in net / rds / tcp.c and would allow an attacker to execute code remotely.

The bad news in this case is that there is still no patch for all the current versions of the kernel; the good, that the probability of exploiting the vulnerability is very low, due to the difficulty of the process. On the other hand, from Canonical comment that no evidence has yet been detected to certify that it is a remotely exploitable vulnerability, which, at least for the moment, takes away the issue iron."

Here I leave the link of the information:

https://www.muylinux.com/2019/05/15/vul ... oad-linux/

User avatar
Richard
Posts: 1577
Joined: Fri Dec 12, 2008 10:31 am

Re: New Vulnerability

#2 Post by Richard »

Waiting on the patches, I imagine.

Apparently more serious on multi-user systems.

See this thread: Zombie load
http://forum.mxlinux.org/viewtopic.php? ... 1ce1449848
Last edited by Richard on Wed May 15, 2019 1:30 pm, edited 3 times in total.
Thinkpad T430 & Dell Latitude E7450, both with MX-21.3.1
kernal 5.10.0-26-amd64 x86_64; Xfce-4.18.0; 8 GB RAM
Intel Core i5-3380M, Graphics, Audio, Video; & SSDs.

User avatar
Head_on_a_Stick
Posts: 919
Joined: Sun Mar 17, 2019 3:37 pm

Re: New Vulnerability

#3 Post by Head_on_a_Stick »

napsix65 wrote: Wed May 15, 2019 1:16 pm Linux kernels prior to 5.0.8
The Debian stable kernel is fixed but the intel-microcode package needs to be installed as well:

https://lists.debian.org/debian-securit ... 00090.html
mod note: Signature removed, please read the forum rules

User avatar
Stevo
Developer
Posts: 12774
Joined: Fri Dec 15, 2006 8:07 pm

Re: New Vulnerability

#4 Post by Stevo »

For good or bad, it's preinstalled in MX and all should get the upgrade. I just sent up the backported Sid 4.19.37-2 kernel for the main MX 17 repo which also contains the fixes. Or there's the newer Liquorix kernels--now based on 5.0.16.

User avatar
figueroa
Posts: 1049
Joined: Fri Dec 21, 2018 12:20 am

Re: New Vulnerability

#5 Post by figueroa »

There are no known in-the-wild exploits. See the discussion at: viewtopic.php?f=6&p=503002#p503002
Andy Figueroa
Using Unix from 1984; GNU/Linux from 1993

Post Reply

Return to “General”