
Bug#541403: marked as done (linux-image-2.6.26-2-686: Local Privilege Escalation)



Your message dated Thu, 20 Aug 2009 19:10:46 +0200
with message-id <20090820171046.GC18469@inutil.org>
and subject line Re: linux-image-2.6.26-2-686: Local Privilege Escalation
has caused the Debian Bug report #541403,
regarding linux-image-2.6.26-2-686: Local Privilege Escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
541403: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541403
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: linux-image-2.6.26-2-686
Version: 2.6.26-17
Justification: root security hole
Severity: critical
Tags: security

*** Please type your report below this line ***

Hi,

today a serious bug in the Linux Kernel has been discovered and
disclosed. It affects all 2.4 and 2.6 kernels since 2001 on all
architectures. 

See here for more details:
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html

Hopefully this bug has already been patched:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98

I'm pretty sure that you guys already know that, but it is really urgent
to apply the patch and release an update for the linux-image packages.

Thank you for your fantastic job.

Stefano

-- Package-specific info:
** Version:
Linux version 2.6.26-2-686 (Debian 2.6.26-17) (dannf@debian.org) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Sun Jun 21 04:57:38 UTC 2009

-- System Information:
Debian Release: squeeze/sid
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)

Versions of packages linux-image-2.6.26-2-686 depends on:
ii  debconf [debconf-2.0]         1.5.27     Debian configuration management sy
ii  initramfs-tools [linux-initra 0.93.4     tools for generating an initramfs
ii  module-init-tools             3.9-2      tools for managing Linux kernel mo

Versions of packages linux-image-2.6.26-2-686 recommends:
ii  libc6-i686                    2.9-23     GNU C Library: Shared libraries [i

Versions of packages linux-image-2.6.26-2-686 suggests:
ii  grub                          0.97-55    GRand Unified Bootloader (dummy pa
ii  grub-legacy [grub]            0.97-55    GRand Unified Bootloader (Legacy v
pn  linux-doc-2.6.26              <none>     (no description available)

-- debconf information excluded




--- End Message ---
--- Begin Message ---
Version: 2.6.30-6

On Thu, Aug 13, 2009 at 05:43:25PM -045A00, Stefano wrote:
> Package: linux-image-2.6.26-2-686
> Version: 2.6.26-17
> Justification: root security hole
> Severity: critical
> Tags: security
> 
> *** Please type your report below this line ***
> 
> Hi,
> 
> today a serious bug in the Linux Kernel has been discovered and
> disclosed. It affects all 2.4 and 2.6 kernels since 2001 on all
> architectures. 
> 
> See here for more details:
> http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
> 
> Hopefully this bug has already been patched:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98
> 
> I'm pretty sure that you guys already know that, but it is really urgent
> to apply the patch and release an update for the linux-image packages.
> 
> Thank you for your fantastic job.

This was fixed in unstable in 2.6.30-6. The 2.6.18, 2.6.24 and 2.6.26 kernels
from Etch and Lenny have been fixed in DSAs.

Cheers,
        Moritz


--- End Message ---
