
Bug#508259: marked as done (linux-image-2.6.18-6-k7: Local kernel panic exploit)



Your message dated Sat, 20 Dec 2008 23:01:18 +0100
with message-id <20081220220118.GA5932@galadriel.inutil.org>
and subject line Re: your mail
has caused the Debian Bug report #508259,
regarding linux-image-2.6.18-6-k7: Local kernel panic exploit
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
508259: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508259
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: linux-image-2.6.18-6-k7
Version: 2.6.18.dfsg.1-23
Severity: critical
Tags: security
Justification: breaks the whole system


This exploit freezes all my Debian/Ubuntu machines:

http://www.milw0rm.com/exploits/7091

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-k7
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)

Versions of packages linux-image-2.6.18-6-k7 depends on:
ii  coreutils                    5.97-5.3    The GNU core utilities
ii  debconf [debconf-2.0]        1.5.11etch2 Debian configuration management sy
ii  initramfs-tools [linux-initr 0.85i       tools for generating an initramfs
ii  module-init-tools            3.3-pre4-2  tools for managing Linux kernel mo

Versions of packages linux-image-2.6.18-6-k7 recommends:
ii  libc6-i686             2.3.6.ds1-13etch7 GNU C Library: Shared libraries [i

-- debconf information:
  linux-image-2.6.18-6-k7/preinst/initrd-2.6.18-6-k7:
  linux-image-2.6.18-6-k7/prerm/removing-running-kernel-2.6.18-6-k7: true
  linux-image-2.6.18-6-k7/postinst/kimage-is-a-directory:
  linux-image-2.6.18-6-k7/postinst/depmod-error-2.6.18-6-k7: false
  linux-image-2.6.18-6-k7/preinst/abort-overwrite-2.6.18-6-k7:
  linux-image-2.6.18-6-k7/preinst/failed-to-move-modules-2.6.18-6-k7:
  linux-image-2.6.18-6-k7/preinst/lilo-initrd-2.6.18-6-k7: true
  linux-image-2.6.18-6-k7/postinst/depmod-error-initrd-2.6.18-6-k7: false
  linux-image-2.6.18-6-k7/postinst/old-system-map-link-2.6.18-6-k7: true
  linux-image-2.6.18-6-k7/preinst/abort-install-2.6.18-6-k7:
  shared/kernel-image/really-run-bootloader: true
  linux-image-2.6.18-6-k7/postinst/create-kimage-link-2.6.18-6-k7: true
  linux-image-2.6.18-6-k7/postinst/old-dir-initrd-link-2.6.18-6-k7: true
  linux-image-2.6.18-6-k7/postinst/bootloader-test-error-2.6.18-6-k7:
  linux-image-2.6.18-6-k7/preinst/lilo-has-ramdisk:
* linux-image-2.6.18-6-k7/preinst/already-running-this-2.6.18-6-k7:
  linux-image-2.6.18-6-k7/preinst/elilo-initrd-2.6.18-6-k7: true
  linux-image-2.6.18-6-k7/prerm/would-invalidate-boot-loader-2.6.18-6-k7: true
  linux-image-2.6.18-6-k7/preinst/bootloader-initrd-2.6.18-6-k7: true
  linux-image-2.6.18-6-k7/preinst/overwriting-modules-2.6.18-6-k7: true
  linux-image-2.6.18-6-k7/postinst/bootloader-error-2.6.18-6-k7:
  linux-image-2.6.18-6-k7/postinst/old-initrd-link-2.6.18-6-k7: true



--- End Message ---
--- Begin Message ---
Version: 2.6.26-11

On Sat, Dec 13, 2008 at 12:57:20PM +0100, Moritz Muehlenhoff wrote:
> On Tue, Dec 09, 2008 at 06:43:13PM +0100, Paul Sohier wrote:
> > Why aren't such critical issues also fixed in the 2.6.18 kernel?
> > Not everyone can just update on a production machine.
> 
> This will be fixed in the upcoming DSA for kernel 2.6.18.
> 
> However, this isn't a critical issue. One to four 
> Kernel DoS issues are found each week, so the low severity
> issues are bundled. This is the same process other distributors
> like SuSE or Red Hat apply.

This was fixed in unstable/Lenny in 2.6.26-11 and in DSA 1687
for Etch.

Cheers,
        Moritz


--- End Message ---
