Linux Distros Readying Patches Over New Kernel Bug


Patches are in the works for several Linux distributions affected by a newly-discovered flaw in the Linux kernel that could let a local user crash or run programs as an administrator.
Admins running Ubuntu, some Red Hat systems, Debian, and other distros are advised to patch a moderately serious memory corruption flaw affecting the n_tty_write function in the Linux kernel up to 3.14.3.

According to US CERT writeup for CVE-2014-0196 bug, the "n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings."
In UNIX/Linux parlance, TTY, derived from Teletype, refers to the command line interface terminal.
A discussion about the bug by a Novell Suse security engineer notes the race condition occurs in a feature introduced in 2009 that changed how "pty" — a pseudo tty — handled write buffering.
"When two processes/threads write to the same pty, the buffer end could be overwritten and so memory corruption into adjacent buffers could lead to crashes / code execution," the Suse security engineer wrote. 
As noted by Ars Technica, although only a local user can exploit the bug, that condition still may pose a risk for affected systems in shared sever environments.
Red Hat is working on corrected kernel packages for Red Hat Enterprise Linux (RHEL) 6 and Red Hat Enterprise MRG 2 but has said that RHEL 5 is not affected. Debian has details about its available fixes here, while Ubuntu has released details about its patches here.