- -------------------------------------------------------------------------- Debian-Edu/Skolelinux Security Advisory DESA 2008-001 http://www.skolelinux.org/security/ Morten Werner Forsbring February 11th, 2008 debian-edu-security@lists.alioth.debian.org - -------------------------------------------------------------------------- Package : linux-2.6 Vulnerability : missing access checks Problem-Type : local Need reboot : yes Debian-Edu-specific : no CVE ID : CVE-2008-0010 CVE-2008-0163 CVE-2008-0600 DSA ID : DSA-1494-1 The vulnerability described in this DESA affects Debian Edu/Skolelinux 3.0 (codename terra) based on Debian GNU/Linux 4.0 (codename etch). An internal system call in ther Linux-kernel did not properly verify address arguments passed by user space processes. This can be used to gain root privileges. For the details, please take a look at the DSA from Debian: http://www.debian.org/security/2008/dsa-1494 We recommend that you upgrade your kernel packages to the new 2.6.18 packages built for Debian immidiately and then reboot your system(s). Upgrade Instructions - -------------------- Make sure 'deb http://security.debian.org/debian etch/updates main' or similar is present in your /etc/apt/sources.list and run 'aptitude update' to update your package lists. Find which flavour of the kernel you are running with the command 'uname -r' (examples: 386, 586tsc, 686, 686-smp, k6, k7, k7-smp). To upgrade, run this command replacing <flavour> with yours: aptitude install linux-image-2.6.18-6-<flavour> Remember that you have to reboot your system(s) after upgrading this package. If you are unfamiliar with kernel upgrades, please visit our mini-HOWTO on this subject: http://www.skolelinux.org/security/kernel-upgrade - -------------------------------------------------------------------------- Mailing lists: debian-edu-announce@lists.debian.org Package info: `apt-cache show <pkg>'
Attachment:
signature.asc
Description: Digital signature