Welcome to Free Software Daily (FSD). FSD is a hub for news and articles by and for the free and open source community. FSD is a community-driven site where members of the community submit and vote for the stories that they think are important and interesting to them.
The FreeBSD developers have released new updates to their operating system to close three vulnerabilities. Users with restricted privileges can reportedly exploit all three holes to elevate their privileges. One of the vulnerabilities is caused by a design flaw recently also discovered and fixed in the kernel. It allows programming flaws to cause a NULL pointer dereference.
Canonical announced a few hours ago the immediate availability of a new Linux kernel security update for the following Ubuntu distributions: 6.06 LTS (Dapper Drake), 8.04 LTS (Hardy Heron), 8.10 (Intrepid Ibex), 9.04 (Jaunty Jackalope) and 9.10 (Karmic Koala).
The UPR team has announced the second stable release of Ubuntu Privacy Remix 9.04. All software packages, including the kernel, were updated to their newest versions to close security holes and fix bugs.
James Morris has outlined a preview of the security subsystem changes he is currently carrying in his security-testing-next branch of the Linux kernel that he plans to have Linus Torvalds pull into the next kernel development cycle for Linux 2.6.36. The big change in the kernel security world is that AppArmor is being planned for integration into the Linux 2.6.36 kernel.
Security holes in numerous PDF applications allow attackers to infect systems with malware. Linux distributor Red Hat has already released new packages for these applications, and other distributors are likely to follow soon.
On July 16, Brad Spengler disclosed an easily-exploitable kernel vulnerability based on getting the kernel to dereference a null pointer. This security hole affected a version of the kernel which had not been widely distributed, so it was a problem for relatively few users, but it highlighted a class of problems which was sure to be seen again.
When releasing the Linux 2.6.35-rc2 kernel last week, Linus was upset with the number of late merges and other commits arriving in pull requests during the Linux 2.6.35 kernel development cycle, when the work should by now be about bug and regression fixes.
Much attention goes toward mainline kernel releases, but relatively few users are actually running those kernels. Instead, they run kernels provided by their distributors, and those kernels, in turn, are based off the stable kernel series. The practice of releasing stable kernels has been going for well over five years now, so perhaps it's time to look back at how it has been going.