As reported here last week, three security flaws had been discovered that affect the 2.6.x kernel: a NULL-pointer dereference within netfilter when handling SCTP connections with unknown chunk types, which could be exploited to crash the kernel; an underflow error in the cpuset_task_read() function in /kernel/cpuset.c, which could potentially be exploited to read kernel memory; and a problem whereby the kernel mishandled seeds for random number generation, potentially weakening the security of applications that rely upon secure random number generation.
The latest update also fixes a number of other problems, such as the regression in the smbfs subsystem introduced in DSA-1233, which caused symlinks to be interpreted as regular files.
Debian recommend that you upgrade your kernel package immediately and reboot the machine, and, if you have built a custom kernel from the kernel source package, that you rebuild it to take advantage of the new fixes.
Just to help, the upgrade instructions are:
wget url (to fetch the file for you)
dpkg -i file.deb (to install the referenced file)
And for those of you using the apt-get package manager:
apt-get update (to update the internal database)
apt-get upgrade (to install corrected packages)