Re: [SECURITY] [DSA 1772-1] New udev packages fix privilege escalation
Hello,
is the reboot mandatory after updating the udev package?
Best Regards
Florian Weimer wrote:
> ------------------------------------------------------------------------
> Debian Security Advisory DSA-1772-1 security@debian.org
> http://www.debian.org/security/ Florian Weimer
> April 16, 2009 http://www.debian.org/security/faq
> ------------------------------------------------------------------------
>
> Package : udev
> Vulnerability : several
> Problem type : local
> Debian-specific: no
> CVE Id(s) : CVE-2009-1185 CVE-2009-1186
>
> Sebastian Kramer discovered two vulnerabilities in udev, the /dev and
> hotplug management daemon.
>
> CVE-2009-1185
>
> udev does not check the origin of NETLINK messages, allowing local
> users to gain root privileges.
>
> CVE-2009-1186
>
> udev suffers from a buffer overflow condition in path encoding,
> potentially allowing arbitrary code execution.
>
> For the old stable distribution (etch), these problems have been fixed in
> version 0.105-4etch1.
>
> For the stable distribution (lenny), these problems have been fixed in
> version 0.125-7+lenny1.
>
> For the unstable distribution (sid), these problems will be fixed soon.
>
> We recommend that you upgrade your udev package.
>
> Upgrade instructions
> --------------------
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 4.0 alias etch
> -------------------------------
>
> Source archives:
>
> http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1.diff.gz
> Size/MD5 checksum: 65496 c004ab727c31c58012eb518ea1293c06
> http://security.debian.org/pool/updates/main/u/udev/udev_0.105.orig.tar.gz
> Size/MD5 checksum: 188150 9d58389d5ef915c49681cae4fba3cd60
> http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1.dsc
> Size/MD5 checksum: 653 11e4e0cb9bc8cb2f93890e80e9314a7b
>
> alpha architecture (DEC Alpha)
>
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_alpha.udeb
> Size/MD5 checksum: 133696 82ebf80715efaa545bb98fa92b5c6e30
> http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_alpha.deb
> Size/MD5 checksum: 293006 6e1ff1cf34638ebe01d6a7cc3771eef9
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_alpha.deb
> Size/MD5 checksum: 25892 17fc41c4605c256b933cefcda3c21a48
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_alpha.deb
> Size/MD5 checksum: 67762 335db6bf028839d64d656b3b243d3e23
>
> amd64 architecture (AMD x86_64 (AMD64))
>
> http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_amd64.deb
> Size/MD5 checksum: 277954 4daf7f67c7ddb2bea7906c3a2e5f4450
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_amd64.deb
> Size/MD5 checksum: 17570 abb465d39529deff8a8a44e6e3511e92
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_amd64.deb
> Size/MD5 checksum: 64016 1fa7e638e153131fae0794bdfa29f10e
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_amd64.udeb
> Size/MD5 checksum: 118680 18f17e7030d7ec1c8445e8b2e5420150
>
> arm architecture (ARM)
>
> http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_arm.deb
> Size/MD5 checksum: 266724 8cb242b97c43b91065a51ad06e341c26
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_arm.deb
> Size/MD5 checksum: 65394 053e04d02f57089c52ee9ed2dedd1824
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_arm.deb
> Size/MD5 checksum: 18146 06aaf0730d2822b9efc3658d9c6aad6f
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_arm.udeb
> Size/MD5 checksum: 108792 d1d15e13b7acaf80449d70a46474d5cc
>
> hppa architecture (HP PA RISC)
>
> http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_hppa.deb
> Size/MD5 checksum: 284024 5a95e42a4bc958ea800d0ad2fc7137f7
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_hppa.deb
> Size/MD5 checksum: 69216 1fa0f6be4314a15c272008889ad5cdd3
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_hppa.udeb
> Size/MD5 checksum: 123292 9423477a619848bc5b897c183578eedf
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_hppa.deb
> Size/MD5 checksum: 22822 2e425348f052eb7227af5b4162d87886
>
> i386 architecture (Intel ia32)
>
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_i386.deb
> Size/MD5 checksum: 62672 1fb6a5c71a746c54d2d153f82d156622
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_i386.udeb
> Size/MD5 checksum: 104858 6755b7f2be45c09dcfbeba11b71fb2b4
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_i386.deb
> Size/MD5 checksum: 15596 42d679cf1bf5708e12f2ebe0928d0f17
> http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_i386.deb
> Size/MD5 checksum: 263502 c771e199202b3a30191e562591b2a5f1
>
> ia64 architecture (Intel ia64)
>
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_ia64.deb
> Size/MD5 checksum: 71234 db3642925a8d81f1d63fa5a194be85ca
> http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_ia64.deb
> Size/MD5 checksum: 348482 03798072d8288f3e6080f6a32178a55a
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_ia64.deb
> Size/MD5 checksum: 26664 f1eeb303578e5d42c46d1d50bedc3427
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_ia64.udeb
> Size/MD5 checksum: 178622 1681eaf7e11447c584d199eca57c7829
>
> mips architecture (MIPS (Big Endian))
>
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_mips.deb
> Size/MD5 checksum: 21846 c154d642eeaec8a4ff465d0dd7854d6f
> http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_mips.deb
> Size/MD5 checksum: 278706 c612857d27e034d3979476512798bb43
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_mips.udeb
> Size/MD5 checksum: 123368 547c1b25665f105ca681dbb1efe1841d
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_mips.deb
> Size/MD5 checksum: 65332 0a7201607ea9d769cbd09ebc96905500
>
> mipsel architecture (MIPS (Little Endian))
>
> http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_mipsel.deb
> Size/MD5 checksum: 279278 6a3d796f15b65b8b61a991cd2631ef69
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_mipsel.deb
> Size/MD5 checksum: 65140 e5d91868a42e3a0c36eb30f512376db1
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_mipsel.udeb
> Size/MD5 checksum: 123416 b97a524a2ea9289b38467dd03d5213db
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_mipsel.deb
> Size/MD5 checksum: 21560 672e1b4ffc6da2e7d8c6ffdbfebd5b51
>
> powerpc architecture (PowerPC)
>
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_powerpc.udeb
> Size/MD5 checksum: 109412 149ab68cffb0272aadbd758c45f640fc
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_powerpc.deb
> Size/MD5 checksum: 18832 d37c3f79c808b6b775e9b5e82c265cdc
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_powerpc.deb
> Size/MD5 checksum: 65400 e1030bc12fcca0cf4ca2f4000a9d732e
> http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_powerpc.deb
> Size/MD5 checksum: 283004 083d7593e935231bfbc1868d54be6899
>
> s390 architecture (IBM S/390)
>
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_s390.deb
> Size/MD5 checksum: 66024 63704d890de325cce6d3ab739bfcc5df
> http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_s390.deb
> Size/MD5 checksum: 280362 68985aade59854bea6933ba6b9825152
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_s390.udeb
> Size/MD5 checksum: 119284 b89e7a4ae300862b138c65d1a65f5861
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_s390.deb
> Size/MD5 checksum: 19968 8176690f76660c6dfdbb9d0a0ad1c85b
>
> sparc architecture (Sun SPARC/UltraSPARC)
>
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_sparc.udeb
> Size/MD5 checksum: 108102 09f683e56ddcf705f6b0f1ff1465299a
> http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_sparc.deb
> Size/MD5 checksum: 261794 0c02b3cc77b22cc7ec88c424bc5342ab
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_sparc.deb
> Size/MD5 checksum: 66058 44da6bfe900da48fd4ac0b367846c23b
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_sparc.deb
> Size/MD5 checksum: 18924 2871710daab3972cda3485866c1ff0f7
>
> Debian GNU/Linux 5.0 alias lenny
> --------------------------------
>
> Source archives:
>
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1.diff.gz
> Size/MD5 checksum: 63221 1cdb4f78dc7cf5c5702fa69e3f528724
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125.orig.tar.gz
> Size/MD5 checksum: 254564 be98e04cefdd9ca76b8fe7e92735ce29
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1.dsc
> Size/MD5 checksum: 1031 3c1c71e9321ee24dcbb4237bda82ecf8
>
> alpha architecture (DEC Alpha)
>
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_alpha.deb
> Size/MD5 checksum: 81916 0d0d955ef294f83409f7729287911834
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_alpha.udeb
> Size/MD5 checksum: 148990 83667ad6d0c6d0c43ddd851d139f1fd6
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_alpha.deb
> Size/MD5 checksum: 281758 61570a51644b3470c4ca8306f6531d2f
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_alpha.deb
> Size/MD5 checksum: 2436 82668adc7df4b743eff35e1c353f5101
>
> amd64 architecture (AMD x86_64 (AMD64))
>
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_amd64.udeb
> Size/MD5 checksum: 128220 6951de1f9f2a952c718c6322d4cc041c
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_amd64.deb
> Size/MD5 checksum: 266322 d25ceb9d564f9ff30cc841432588d11a
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_amd64.deb
> Size/MD5 checksum: 2426 c04b51779d612328c0e63048ae9112e2
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_amd64.deb
> Size/MD5 checksum: 77548 68d9da089db647fed48a5e2e126109a0
>
> arm architecture (ARM)
>
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_arm.deb
> Size/MD5 checksum: 79020 8990da78870b19da2123a246308b9f42
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_arm.udeb
> Size/MD5 checksum: 123542 64e28579a5dd7f20902b4683c1c2d717
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_arm.deb
> Size/MD5 checksum: 2438 6749f4622bebfb95248e522d031ac012
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_arm.deb
> Size/MD5 checksum: 257106 80d322c9d53711a0fee58af3d027e32d
>
> armel architecture (ARM EABI)
>
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_armel.deb
> Size/MD5 checksum: 2440 27ff9848ed16db7e8c5ca75f0a022403
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_armel.deb
> Size/MD5 checksum: 258074 fce468ead3db83d21356f1da16e50e9d
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_armel.udeb
> Size/MD5 checksum: 124506 2eb7a09d5ee3b5c308ac221851fc1573
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_armel.deb
> Size/MD5 checksum: 79228 2c16ecd4418d9fcd3f6dadf85fab95bb
>
> hppa architecture (HP PA RISC)
>
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_hppa.deb
> Size/MD5 checksum: 84240 5f32416e51f5ee674c8331429bcd71ad
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_hppa.deb
> Size/MD5 checksum: 274388 9464fdcd2dac50388cf23d2e891fa903
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_hppa.udeb
> Size/MD5 checksum: 142578 18523c4afa6e272ed8449dc433bb68ce
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_hppa.deb
> Size/MD5 checksum: 2438 187adc54d95719c8bf2a20c73b9b820a
>
> i386 architecture (Intel ia32)
>
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_i386.deb
> Size/MD5 checksum: 253168 9667472701f5f78e75f944afe4e18a1f
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_i386.deb
> Size/MD5 checksum: 76280 c9f04437d9c090e54fdfaf4c08b04273
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_i386.udeb
> Size/MD5 checksum: 115724 05843396641d6e8eed4d417020969f23
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_i386.deb
> Size/MD5 checksum: 2426 ea4c748d93da3e0ffd9c070461fb9ea4
>
> ia64 architecture (Intel ia64)
>
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_ia64.deb
> Size/MD5 checksum: 85644 2594d69577d4d309f6be2878524641f2
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_ia64.udeb
> Size/MD5 checksum: 190230 a682ed3c0b26b059740b37ac0976bd93
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_ia64.deb
> Size/MD5 checksum: 2432 0c4b9c1716892330ff482e8a8cb2f12d
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_ia64.deb
> Size/MD5 checksum: 324656 efa495e7fc30164bb91958f81a5f0e02
>
> mips architecture (MIPS (Big Endian))
>
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_mips.udeb
> Size/MD5 checksum: 135612 f596cc4d41bf41fa78d25deae191df8a
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_mips.deb
> Size/MD5 checksum: 2436 ef6056a525dd10b577dcf3ac162cad18
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_mips.deb
> Size/MD5 checksum: 78790 50b801e86b6a29fedac17aa4012cc222
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_mips.deb
> Size/MD5 checksum: 270716 15cea80dfc523e1ffadcf609293be4d6
>
> mipsel architecture (MIPS (Little Endian))
>
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_mipsel.deb
> Size/MD5 checksum: 2438 51d32dfc43f95c2579e989d332c6837e
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_mipsel.udeb
> Size/MD5 checksum: 135566 8a7d0840ba79647dad206aeea62dbc4e
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_mipsel.deb
> Size/MD5 checksum: 78640 e7197dd434ba99f4bef46f7176b458f1
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_mipsel.deb
> Size/MD5 checksum: 270760 53926589b10466163d5ea90008de5b8c
>
> powerpc architecture (PowerPC)
>
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_powerpc.deb
> Size/MD5 checksum: 272424 7a9d2807d73e0da05171d50882bb2b44
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_powerpc.udeb
> Size/MD5 checksum: 129696 4e24c200eaf8b615603cc7319b449f30
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_powerpc.deb
> Size/MD5 checksum: 2442 a0d04b0bf5d8278796d276568940084e
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_powerpc.deb
> Size/MD5 checksum: 79194 bb40fe52920ee2bfc65f1243ced8268f
>
> s390 architecture (IBM S/390)
>
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_s390.deb
> Size/MD5 checksum: 79448 d17034c5d4f29b21f9f6affcc8c31cf3
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_s390.udeb
> Size/MD5 checksum: 133264 e34bae7a1639cccb63814f96a014cd37
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_s390.deb
> Size/MD5 checksum: 2428 d88d5d9eedc3c5d1bfb2f441d948f9ef
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_s390.deb
> Size/MD5 checksum: 271886 9eaba049c1bbdf7903fbe52efd296f5b
>
> sparc architecture (Sun SPARC/UltraSPARC)
>
> http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_sparc.deb
> Size/MD5 checksum: 259536 409b46996745484d7514739cfb4cca6e
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_sparc.deb
> Size/MD5 checksum: 79640 2cc666f27b22a986c6ef5677509e13ad
> http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_sparc.deb
> Size/MD5 checksum: 2436 3c928f720d5a3cd021b633f8070ddfd6
> http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_sparc.udeb
> Size/MD5 checksum: 124598 a93970f05ff0c1a9b670e5dd3bacdad8
>
>
> These files will probably be moved into the stable distribution on
> its next update.
>
> ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
This message has been sent trough the mailserver3.abakomp.dk, if you have any kind of problems with it please contact us at: postmaster@mailserver3.abakomp.dk
Reply to: