As we learned a little less than an hour ago, a group of hackers took down several thousand Ubuntu systems through a critical vulnerability in the new version of the kernel for this system. Canonical reacted immediately, and a team of developers from the USA shipped a patch for what is the biggest vulnerability ever at Canonical Corporation so far. The system versions vulnerable to attack are 6.06, 8.04, 8.10 and 9.04. If you run any of these versions, you must update your kernel immediately through the "Ubuntu Update Manager".

What is affected by this vulnerability?!

1. When root_squash was active, NFS clients could create device nodes. This could lead to loss of privacy. The issue was discovered by Igor Zhbanov, and affects only Ubuntu 8.10 and 9.04 users.
2. SELinux failed to handle various network checks if compat_net=1 was enabled. Because of this, network checks could be bypassed by a local attacker. The issue was discovered by Dan Carpenter, and affects only Ubuntu 8.10 and 9.04 users.
3. Memory was incorrectly initialized in AGP subsystem, which could lead to loss of privacy. The issue was discovered by Shaohua Li.
4. The VMX implementation of KVM failed to handle various registers. This could lead to a DoS attack and crash the affected system. The issue was discovered by Benjamin Gilbert, and affects only Ubuntu 8.04 LTS, 8.10 and 9.04 users (32-bit versions).
5. The Amateur Radio X.25 Packet Layer Protocol failed to validate various fields, which could lead to loss of privacy. The issue was discovered by Thomas Pollet.
6. NFS failed to handle long filenames. This could lead to a DoS attack and crash the affected system. The issue was discovered by Trond Myklebust, and affects only Ubuntu 6.06 LTS users.
7. The Linux kernel failed to handle CAP_KILL and it could lead to a DoS attack. The issue was discovered by Oleg Nesterov.
8. Signal handling was incorrectly limited to process namespaces, which could lead to a DoS attack. The issue was discovered by Daniel Hokka Zakrisson, and affects only Ubuntu 8.04 LTS users.
9. Support for network namespace in IPv6 was incorrectly handled. This could lead to a DoS attack and crash the affected system. The issue was discovered by Pavel Emelyanov, and affects only Ubuntu 8.10 and 9.04 users.
10. The e1000 network driver failed to validate various fields. This could lead to a DoS attack and crash the affected system. The issue was discovered by Neil Horman.
11. CIFS failed to check the lengths when various mount requests were handled. Because of this, restricted applications could be executed. This could lead to a DoS attack and crash the affected system. The issue was discovered by Pavan Naregundi.
12. NFSv4 failed to handle execute permissions. The issue was discovered by Simon Vallet and Frank Filz.
13. Buffer overflows were discovered in the code of the CIFS client. This could lead to a system crash. The issue was discovered by Jeff Layton and Suresh Jayaraman.
14. On Sparc architecture, the /proc/iomem was incorrectly initialized. This could lead to a DoS attack and crash the affected system. The issue was discovered by Mikulas Patocka, and affects only Ubuntu 8.04 LTS, 8.10 and 9.04 users.
15. OCFS2 failed to handle various splice operations. This could lead to a DoS attack and hang the affected system. The issue was discovered by Miklos Szeredi, and affects only Ubuntu 8.04 LTS, 8.10 and 9.04 users.

IMPORTANT!!

This is not something to play around with if you care about the privacy and security of the data stored on your hard disk, so upgrade the kernel right away. Once the upgrade finishes, restart the computer and check which kernel version you have installed:

If you have Ubuntu 6.06 LTS, you should upgrade the kernel packages to linux-image-2.6.15-54.77

If you have Ubuntu 8.04 LTS, you should upgrade the kernel packages to linux-image-2.6.24-24.55

If you have Ubuntu 8.10, you should upgrade the kernel packages to linux-image-2.6.27-14.35

If you have Ubuntu 9.04, you should upgrade the kernel packages to linux-image-2.6.28-13.45
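
The version check described above can be scripted; this is an added example, not part of the original post. It assumes the number after the last dot (for example `.55`) is the package revision, which `dpkg-query` reports and `uname -r` does not; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: compare the installed kernel package with the fixed
# versions listed in this post (release/version pairs copied from the post).

fixed_version() {
    case "$1" in
        6.06) echo 2.6.15-54.77 ;;
        8.04) echo 2.6.24-24.55 ;;
        8.10) echo 2.6.27-14.35 ;;
        9.04) echo 2.6.28-13.45 ;;
        *) return 1 ;;
    esac
}

# version_ge A B: succeed when A >= B, comparing numeric fields left to right.
version_ge() {
    left=$(printf '%s' "$1" | tr '.-' '  ')
    right=$(printf '%s' "$2" | tr '.-' '  ')
    for l in $left; do
        [ -n "$right" ] || return 0      # A has extra fields, equal so far
        r=${right%% *}                   # next field of B
        if [ "$r" = "$right" ]; then right=; else right=${right#* }; fi
        [ "$l" -eq "$r" ] && continue
        if [ "$l" -gt "$r" ]; then return 0; else return 1; fi
    done
    [ -z "$right" ]                      # equal only if B is used up too
}

# kernel_status RELEASE VERSION: print patched, vulnerable or unknown.
kernel_status() {
    want=$(fixed_version "$1") || { echo unknown; return 0; }
    case "$2" in
        ''|*[!0-9.-]*) echo unknown; return 0 ;;  # not a plain numeric version
    esac
    if version_ge "$2" "$want"; then echo patched; else echo vulnerable; fi
}

# Query this machine (needs lsb_release and dpkg-query, as shipped on Ubuntu).
check_this_host() {
    release=$(lsb_release -rs)
    installed=$(dpkg-query -W -f='${Version}' "linux-image-$(uname -r)")
    echo "Ubuntu $release, kernel package $installed: $(kernel_status "$release" "$installed")"
}

if [ "${1:-}" = "--check" ]; then check_this_host; fi
```

Run it with `--check` after the reboot: the package version is looked up for the kernel that is currently running, so a result taken before restarting can describe the new package while the old kernel is still in memory.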