Patches for Red Hat, Ubuntu and others affected by Linux kernel flaw


Patches are coming for several Linux distributions affected by a newly discovered flaw in the Linux kernel that lets a local user crash the system or run programs as an admin. Admins running Ubuntu, some Red Hat systems, Debian, and other distros are advised to patch a somewhat serious memory corruption flaw affecting the n_tty_write function in the Linux kernel up to 3.14.3.

According to Openwall: "When two processes/threads write to the same pty, the buffer end could be overwritten and so memory corruption into adjacent buffers could lead to crashes / code execution."

And according to US-CERT: "n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings."

Ars Technica said that only a local user can exploit the bug, but it could pose a risk for affected systems in shared server environments: "While the vulnerability can be exploited only by someone with an existing account, the requirement may not be hard to satisfy in hosting facilities that provide shared servers."

So start updating your kernels once the patches are available.