"This memory corruption flaw is certainly nothing like OpenSSL's remotely exploitable Heartbleed – CVE-2014-0196. But this local root hole is problematic where users are sharing the same Linux host in the cloud.
Here's how US-CERT described the issue:
“The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the 'LECHO & !OPOST' case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.”
A user only needs shell access to be in a position to exploit the programming blunder.
The bug was introduced in 2009 with version v2.6.31-rc3 of the kernel. Before that, as noted at this Novell SUSE security discussion, “pty [the pseudo-terminal – El Reg] was writing directly to a line discipline without using buffers”
open source is more secure because everybody has the possibility of checking the code - they say
that it takes 5 years to discover this tells a lot of the number of people who are busy with checking the code (every 5 years)
and they can't say that the kernel isn't critical and shouldn't have been closed down and checked and tested long long long long before
trust what I say, not what I say I do