Red Hat Plugs Multiple Linux Kernel Flaws

The Linux distributor issues a kernel security update meant to address a series of vulnerabilities that could affect basic functions of the operating system if exploited.

Linux software provider Red Hat issued a security advisory for a number of its products, addressing a series of kernel vulnerabilities in the operating system software.

The company is distributing updated kernel packages meant to fix 16 individual flaws present in the version 4.0 releases of its Red Hat Desktop and Red Hat Enterprise Linux OS software.

The company advised that all Enterprise Linux 4 users should upgrade their kernels to protect themselves from the security issues, 10 of which the Red Hat Security Response Team rated as "important," and six of which it tabbed as "moderate."

If exploited, the flaws could impact basic functions of the software, according to the Linux vendor.

Among the more serious issues reported by Red Hat were flaws in the software's IPv6 (Internet Protocol Version 6) implementation that could allow a local user to launch denial-of-service attacks on machines running the affected products.

Other important security issues included flaws in the software's ATM (Asynchronous Transfer Mode) module, NFS (Network File System) client implementation, and a difference in the "sysretq" operation of the OS with certain microprocessors, all of which could lead to different types of denial-of-service exploits.

The remaining issues rated as important by Red Hat included flaws in the product's keyring, IP routing, SCTP (Stream Control Transmission Protocol)-netfilter, virtual memory and threading implementations, along with issues related to the software's device driver, which could also lead to denial-of-service attacks.

Moderate problems reported in the OS software included flaws in its bridge implementation, Linux Security Modules and data-handling components, along with a directory traversal vulnerability in the product's file system.

Recent research shows that Linux-based systems are more frequently coming under attack than in previous years, despite the relatively low number of viruses aimed at open-source software programs.

In a report published in April 2006, researchers at Evans Data found that some 11 percent of the Linux developers it surveyed had discovered viruses on their computers, with over one third of respondents saying they had found three or more infections.

Those results represent the highest proportion of users affected by viruses ever reported in the survey of 450 programmers, which is conducted twice each year.

In April, virus researchers at Kaspersky Lab discovered proof-of-concept code for a cross-platform virus capable of infecting both Windows and Linux-based systems.
