Theres another vulnerability in the Linux kernel:
http://www.theregister.co.uk/2010/09/15 ... ssion_bug/If you are running the latest ASL (2.2.10), then you have nothing to worry about.
In keeping with our tradition of building defense in depth in ASL, if you are running ASL with the ASL kernel you can rest easy that you are protected from the latest Linux kernel vulnerability. Long ago we built in several layers of security into the kernel that removed the attack vector this uses - so the means by which the exploit is launched won't work. But wait, theres more! If you have ASL configured to its default settings the exploit won't even run on your system. Thats because TPE (Trusted Path Execution) prevents untrusted code from being run on your system. TPE provides a broad protection against zero day exploits by preventing any untrusted code from running even if your system is vulnerable to whatever the bad guys are launching.
And last, but not least, our kernel team is working on new security features to address this whole class of vulnerabilities so that if you turn off many of the other protections in the ASL kernel you'll still be safe from these vulnerabilities.
Login
Register
FAQ
Search
