[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[DSA 1494-1] Missing update for user-mode-linux (was: [SECURITY] [DSA 1494-1] New linux-2.6 packages fix privilege escalation)


The update for DSA 1494-1 lacks an update for the user-mode-linux package.
Note that I tried the exploit found in the wild. It worked fine with the
standard linux-image-2.6.18-6-686 kernel, but lead to a crash both in my
user-mode-linux virtual servers and with the
linux-image-2.6.18-6-686-bigmem. I guess it is possible to adapt the
exploit for those kernels, but I have not tried.

I tried to rebuilt user-mode-linux, using the updated source. Using this
new user-mode-linux kernel, the same exploit just fails, as it does on
an up-to-date kernel.

I think this package deserves an official upgrade.



Reply to: