Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities
From: Tim Wickberg <wickbt@rpi.edu>
Date: Thu, 27 Sep 2007 21:07:31 -0400
Message-id: <[🔎] 46FC53D3.8060801@rpi.edu>
In-reply-to: <20070927213304.GC26030@colo.lackof.org>
References: <20070927213304.GC26030@colo.lackof.org>

Apologies if this has already been posted, but:

For CVE-2007-4573 - The proof of concept code posted by Robert Swieckion the bugtraq list [1] still works as a local root exploit for the Xenkernels on AMD64 in the updated packages:


linux-image-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch3_amd64.deb
and
linux-image-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch3_amd64.deb

- Tim

[1] http://seclists.org/bugtraq/2007/Sep/0363.html

--
Tim Wickberg
wickbt@rpi.edu
Senior Systems Administrator
Office of the Vice President of Research
Rensselaer Polytechnic Institute

Reply to:

Prev by Date: Re: Bug#439927: t1lib security flaw: CVE-2007-4033/#439927
Next by Date: Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities
Previous by thread: Re: [SECURITY] [DSA 1376-1]: missing dependencies result in removal of KDE
Next by thread: Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities
Index(es):
- Date
- Thread