
Re: [SECURITY] [DSA 1494-1] New linux-2.6 packages fix privilege escalation




Florian Weimer once wrote:
>
> Package        : linux-2.6
> Vulnerability  : missing access checks
> Problem type   : local
> Debian-specific: no
> CVE Id(s)      : CVE-2008-0010 CVE-2008-0163 CVE-2008-0600


> In the vserver-enabled kernels, a missing access check on certain
> symlinks in /proc enabled local attackers to access resources in other
> vservers (CVE-2008-0163).
>
> For the stable distribution (etch), this problem has been fixed in
> version 2.6.18.dfsg.1-18etch1.
>
> In addition to these fixes, this update also incorporates changes
> from the upcoming point release of the stable distribution.
>
> The old stable distribution (sarge) is not affected by this problem.
>
> The unstable (sid) and testing distributions will be fixed soon.


It seems that there is no update available for PowerPC and Sparc, and
maybe other architectures as well.  Do we again have the problems we
had with security updates for PowerPC in August 2007?

If the updates are known to be available only later, would it be
possible to announce it in the advisory, as it is usually done?

And maybe make a statement about it if an architecture is not
affected (though it is obviously not the case here).

Simon Valiquette
http://gulus.USherbrooke.ca



