Ubuntu 10.04 LTS服务器版内核更新

Canonical为仍在支持期的Ubuntu 10.04 LTS (Lucid Lynx)发布重要内核更新,修复了5个被开发者和黑客发现的内核漏洞。

第一个漏洞是在Linux内核中Adaptec AACRAID SCSI RAID设备的compat读写控制漏洞,它可能允许非本地特权用户通过发送管理员命令来侵入数据存储。(The first security issue is related to a flaw discovered in the Linux kernel’s compat ioctls for Adaptec AACRAID SCSI RAID devices, which could allow an unprivileged local user to compromise the data stored on those devices by sending administrative commands.)

其他四个安全问题在Linux内核中的recvfrom,recvmsg和的recvmmsg系统调用,Phonet(电话网络协议),L2TP(第二层隧道协议)和IEEE802.15.4(低速率无线个人区域信息泄露网络),这可能允许本地用户从内核的栈内存访问敏感信息。(The other four security issues are actually information leaks that have been discovered in Linux kernel’s recvfrom, recvmsg and recvmmsg system calls, Phonet (Phone Network Protocol), L2TP (Layer 2 Tunneling Protocol) and IEEE 802.15.4 (Low-Rate Wireless Personal Area Networks), which could allow a local user to access sensitive information from the kernel’s stack memory.)

希望使用Ubuntu 10.04 LTS服务器版的用户能尽快升级内核到linux-image-2.6.32-56 (2.6.32-56.118)。可以通过执行命令:sudo apt-get update && sudo apt-get dist-upgrade 来更新,或者参考Canonical公司的说明

来源:softpedia  翻译及校对:Raint

0 0