Attackers could exploit security holes in the Linux kernel to cause a denial of service, corrupt memory and launch malicious code. But users can update to a newer version in which the flaws are fixed.
Danish security firm Secunia described three "moderately critical" vulnerabilities in an advisory:
- An error in ROSE due to missing verification of the ndigis argument of new routes;
- A user with permission to access a SCSI tape device can send certain commands that could render the device unusable for other users; and
- Unspecified glitches in the ISO9660 file system handler, including the Rock Ridge and Joliet extensions, could be exploited by a specially crafted file system to cause a denial of service or memory corruption, which could then allow the attacker to launch malicious code.
Secunia said these issues specifically affect Linux Kernel 2.6 and that the vulnerabilities are fixed in version 2.6.12-rc1.
More information is available at Kernel.org.