Security Concern: Dirty Frag vulnerability

Hello Friends

For your consideration Dirty Frag vulnerability

For the admin(s)
Is it possible to create a new section/category named “Security” and move all the respective posts?

Best to all!

9 Likes

Done!

5 Likes

Hi @sourav,

Seems to have a loop here. I click on your link and it takes me to the new thread.
I click on the new topic and it brings me back here.

4 Likes

Yet another security concern. This is number 3.

4 Likes

Thanks for that @sourav

Consider moving this one too

3 Likes

Do these touch home users on Linux or just servers?

Would all versions (Debian etc.) be infected?

Are these things a firewall would prevent?

Should more scans by ClamAV etc. be needed?

Not just the one Howard pointed out but the others… I like the new category on security but question who is infected or affected by these things.

1 Like

In general I welcome that new category. However, I dare to hope that it won't be a simple dump-hole for info I already know from elsewhere.

1 Like

From what I read in the article, home users should not be impacted.

“It means a local user could gain superuser (root) privileges.” and maybe
“patched Linux kernels are available by May 14”.

It was interesting to me in that you hardly ever hear about a security concern with Linux and now we had 3 within 2 weeks.

As far as I can tell, most of these security concerns are for servers.

2 Likes

This may be more of an issue for servers, but even home computers can be exposed to the outside world via the Internet. It doesn’t hurt to disable the modules that are affected until a formal update fixing the issue comes through.

2 Likes

AI is exposing Linux security holes faster than developers can patch them

Well that may help. We don't need to rewrite in Rust any more… just clean up the C code using AI.
I am not sure Rust would have helped with the bugs mentioned here anyway… they are programmer oversights not coding deficiencies.

That is not always possible in the kernel. … only if the bug is confined to a non-vital module

4 Likes

Is it working now? I changed the URL slightly.

3 Likes

If A/i is finding loopholes and vulnerabilities, what’s to stop someone using A/i on purpose to find ways to sabotage Linux? Please don’t tell me Linux might turn into Microsoft.

1 Like

Yes, the link has been corrected.

2 Likes

The process of getting code into a kernel is rather convoluted, so that form of attack is unlikely, but they may be able to find something that could be done on a running system that could exploit a kernel weakness … for example to gain root privileges. … but that would only be useful in a server.
The likelihood of someone hijacking your home computer is quite low, because access from the internet is blocked by NAT.

The pace of change of Linux works against attacks, as does the diversity of Linux distros. Becoming like Microsoft would destroy that advantage.

BSD is an even more difficult target than Linux. All the BSD variants have different system calls. It is a nightmare to write a program portable across all BSDs, and that presumably includes writing malware.
In Linux, the kernel is the same across all variants … not as good a protection. Linux should diversify more.

2 Likes