
Bug#541496: marked as done (linux-source-2.6.30: Local privilege escalation (incorrect proto_ops initializations))



Your message dated Thu, 20 Aug 2009 19:10:46 +0200
with message-id <20090820171046.GC18469@inutil.org>
and subject line Re: linux-image-2.6.26-2-686: Local Privilege Escalation
has caused the Debian Bug report #541403,
regarding linux-source-2.6.30: Local privilege escalation (incorrect proto_ops initializations)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
541403: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541403
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: linux-source-2.6.30
Version: 2.6.30-4
Severity: critical
Tags: security
Justification: root security hole


See:
  http://seclists.org/fulldisclosure/2009/Aug/0173.html

See the link for a patch from Linus at the bottom.  Please back patch
at your earliest convenience.

thank you,
tim


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages linux-source-2.6.30 depends on:
ii  binutils              2.19.51.20090805-1 The GNU assembler, linker and bina
ii  bzip2                 1.0.5-3            high-quality block-sorting file co

Versions of packages linux-source-2.6.30 recommends:
ii  gcc                           4:4.3.3-9  The GNU C compiler
ii  libc6-dev [libc-dev]          2.9-24     GNU C Library: Development Librari
ii  make                          3.81-6     An utility for Directing compilati

Versions of packages linux-source-2.6.30 suggests:
ii  kernel-package            12.017         A utility for building Linux kerne
ii  libncurses5-dev [ncurses- 5.7+20090803-1 developer's libraries and docs for
pn  libqt3-mt-dev             <none>         (no description available)

-- no debconf information



--- End Message ---
--- Begin Message ---
Version: 2.6.30-6

On Thu, Aug 13, 2009 at 05:43:25PM -045A00, Stefano wrote:
> Package: linux-image-2.6.26-2-686
> Version: 2.6.26-17
> Justification: root security hole
> Severity: critical
> Tags: security
> 
> *** Please type your report below this line ***
> 
> Hi,
> 
> today a serious bug in the Linux Kernel has been discovered and
> disclosed. It affects all 2.4 and 2.6 kernels since 2001 on all
> architectures. 
> 
> See here for more details:
> http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
> 
> Hopefully this bug has already been patched:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98
> 
> I'm pretty sure that you guys already know that, but it is really urgent
> to apply the patch and release an update for the linux-image packages.
> 
> Thank you for your fantastic job.

This was fixed in unstable in 2.6.30-6. The 2.6.18, 2.6.24 and 2.6.26 kernels
from Etch and Lenny have been fixed in DSAs.

Cheers,
        Moritz


--- End Message ---
