Patreon Logo Support us on Patreon to keep GamingOnLinux alive. This ensures all of our main content remains free for everyone. Just good, fresh content! Alternatively, you can donate through PayPal Logo PayPal. You can also buy games using our partner links for GOG and Humble Store.
We use affiliate links to earn us some pennies. Learn more.

Fragnesia and ssh-keysign-pwn are the latest Linux security problems

By -
4 comments

We're seeing a wave of Linux security issues lately as it has become a bigger focus, and now we have Fragnesia and ssh-keysign-pwn revealed. After the issues of Dirty Frag and Copy Fail recently, you should ensure you're keeping your system up to date and regularly checking for security updates.

Fragnesia is another Linux local privilege escalation exploit, which is actually a member of the Dirty Frag vulnerability class. The the oss-security list notes "It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve arbitrary byte writes into the kernel page cache of read-only files, without requiring any race condition".

And the most recently revealed issue with ssh-keysign-pwn notes it allows people to read root-owned files as an unprivileged user. Ouch.

Keep an eye on our Security article tag for more disclosures.

Article taken from GamingOnLinux.com.
Tags: Security, Kernel, Misc, Open Source
3 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. You can follow me personally on Mastodon [External Link].
See more from me
Some you may have missed, popular articles from the last month:
VKD3D-Proton 3.0.1 brings many Linux gaming enhancements for Direct3D 12 via Vulkan
MangoHud 0.8.3 brings new features and fixes to the popular Linux gaming performance monitor
Proton Experimental upgraded to Proton 11 for better Linux gaming compatibility
Brutal space strategy roguelite Battlestar Galactica: Scattered Hopes is out now
All posts need to follow our rules. Please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Readers can also email us for any issues or concerns.
4 comments

Avehicle7887 2 hours ago
While this may sound alarming, it's nothing compared to the problems being found in Windows lately - [(Link)](https://www.pcworld.com/article/3139152/microsofts-may-updates-patch-120-security-flaws-in-windows-and-office.html)

It's good that they are being discovered and reported.
Eike 2 hours ago
  • Supporter Plus
We're seeing a wave of Linux security issues lately as it has become a bigger focus
I didn't check for the latest cases, but I would be surprised if the wave is not due to AI checking out software and sometimes [finding decades old security flaws](https://medium.com/predict/an-ai-found-a-27-year-old-bug-hiding-in-openbsd-it-cost-less-than-50-to-find-it-489064e9178c) that no human found in all that time.

And yes, that's is a risk and it is making our software more secure at the same time.
Ehvis 1 hour ago
User Avatar
  • Supporter Plus
Still haven't upgraded anything for the previous two and not to worried about this one either. It either requires access through a remote exploit or breaking into my home. Either of which are significantly worse in terms of damage.
PlayingOnLinuxphone 46 minutes ago
User Avatar
Quoting: EikeI didn't check for the latest cases, but I would be surprised if the wave is not due to AI checking out software
Single findings for sure. But the wave? It is probably due one security researcher found a vulnerability with LLM, other security researcher just need to look for similar patterns. Even in pre-LLM-times researcher where doing this to ensure no criminals finding similar vulnerabilities. So I would be surprised if LLM would play an important(!) role in finding the second and third bug.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon Logo Patreon. Plain Donations: PayPal Logo PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register
Register Forgot Login?
★ Support Us
Popular this week
Search or view by category
Contact
Latest Guides
MorrowindHow to setup OpenMW for modern Morrowind on Linux / SteamOS and Steam Deck
By Liam Squires-Hand,
11
Hollow Knight: SilksongHow to install Hollow Knight: Silksong mods on Linux, SteamOS and Steam Deck
By Liam Squires-Hand,
1
> View more Tips & Guides
Buy Games
Buy games with our affiliate / partner links:
Latest Forum Posts
Misc