Tux Machines
Posted by Roy Schestowitz on Oct 15, 2022,
updated Oct 18, 2022
=> today's howtos | today's leftovers
I'm announcing the release of the 6.0.2 kernel.
All users of the 6.0 kernel series must upgrade.
The updated 6.0.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.0.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
Microsoft-centric site with FUD:
=> ↺ Linux Fixes 5 Gaping Holes in Wi-Fi - Security Boulevard
Linux’s Wi-Fi code has some nasty bugs, which can be exploited simply by being near an attacker. Remote code execution is a possibility—no need to actually connect to a malicious Wi-Fi network.
They’ve been there for more than three years, and are caused by our old friend: Memory-unsafe C code. What other nasties lurk in the open source kernel powering billions of phones, routers and IoT devices?
Some drama and patching:
=> ↺ Linux Kernel IPv4 FIB Out-Of-Bounds Read Information Disclosure Vulnerability
=> ↺ Linux dodges serious Wi-Fi security exploits | ZDNET
What appeared to be one simple Linux Wi-Fi networking security problem was soon revealed to be five different nasty Wi-Fi security problems. Fortunately, the patches are on their way.
=> ↺ Vulnerabilities in the Linux kernel enable code to be smuggled over WLAN
Attackers can use tampered WLAN packets to insert malicious code into a vulnerable Linux kernel. This pops up from an email from SUSE employee Marcus Meissner. So Sönke Huster of TU Darmstadt discovered one of the gaps.
UPDATE
By Sam Varghese:
=> ↺ iTWire - Developers patch five Wi-Fi bugs which were in Linux kernel since 2019
Five Wi-Fi vulnerabilities in the Linux kernel have been patched and a new stable kernel, 5.10.148, released by stable kernel maintainer Greg Kroah-Hartman. The patches have also been included in the latest release, 6.1, by Linux creator Linus Torvalds.
Posting on the Linux Weekly News site, a subscriber with the moniker Johill said anyone who was scanning a network could be attacked using these flaws.
While one issue needed P2P functionality to be switched on, all five were a cause for concern for anyone who uses Wi-Fi.
The news was posted on LWN by editor Jonathan Corbet, himself a kernel developer, who wrote "anybody who uses Wi-Fi on untrusted networks should probably keep an eye out for the relevant updates". This was referred to as "tongue-in-cheek humour" by subscriber fmyhr, who wrote: "...anybody who uses WiFi on untrusted networks...' More tongue-in-cheek humour from our esteemed — albeit often grumpy — editor?"
=> gemini.tuxmachines.org This content has been proxied by September (ba2dc).Proxy Information
text/gemini;lang=en-GB