
Re: [SECURITY] [DSA 1862-1] New Linux 2.6.26 packages fix privilege escalation



On Fri, 2009-08-14 at 13:31 -0600, dann frazier wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - ----------------------------------------------------------------------
> Debian Security Advisory DSA-1862-1                security@debian.org
> http://www.debian.org/security/                           dann frazier
> Aug 14, 2009                        http://www.debian.org/security/faq
> - ----------------------------------------------------------------------
> 
> Package        : linux-2.6
> Vulnerability  : privilege escalation
> Problem type   : local
> Debian-specific: no
> CVE Id(s)      : CVE-2009-2692
> 
> A vulnerability has been discovered in the Linux kernel that may lead
> to privilege escalation. The Common Vulnerabilities and Exposures project
> identifies the following problem:
> 
> CVE-2009-2692
> 
>     Tavis Ormandy and Julien Tinnes discovered an issue with how the
>     sendpage function is initialized in the proto_ops structure.
>     Local users can exploit this vulnerability to gain elevated
>     privileges.
> 
> For the stable distribution (lenny), this problem has been fixed in
> version 2.6.26-17lenny2.

There's also a 2.6.26-18 in lenny-proposed-updates which contains some
bugfixes that 2.6.26-17lenny2 doesn't have. The version of this kernel
is higher than this security release, but it doesn't have the security
patch included in this release. What's the future of this kernel in
lenny-proposed-updates, will we see 2.6.26-18lenny1, or will it get
removed?
I don't have problems with "downgrading" to 2.6.26-17lenny2 for now, but
I can imagine some users need the bugfixes in 2.6.26-18 and are still
affected by this bug.
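An added example, not part of the advisory or of the reply above, that makes the reply's point concrete: a Debian-style version comparison (a reimplementation of dpkg's ordering rules, not dpkg itself) showing that 2.6.26-18 sorts above the fixed 2.6.26-17lenny2 and yet must still be treated as unpatched. Treating 2.6.26-18 as the one known unpatched higher version is taken from the reply; any later 2.6.26-18lenny1 is outside what this check knows.

```python
import re

FIXED_VERSION = "2.6.26-17lenny2"   # version named in DSA-1862-1
UNPATCHED_HIGHER = "2.6.26-18"      # lenny-proposed-updates build that lacks the patch (per the reply)


def _order(c):
    # dpkg character ordering: '~' sorts before everything (even end of string),
    # letters sort before non-letters; end of string is 0.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256


def _cmp_nondigit(a, b):
    # Compare two non-digit runs character by character.
    while a or b:
        ca = _order(a[0]) if a else 0
        cb = _order(b[0]) if b else 0
        if ca != cb:
            return -1 if ca < cb else 1
        a, b = a[1:], b[1:]
    return 0


def _cmp_part(a, b):
    # Alternate between non-digit runs and numeric runs, as dpkg does.
    while a or b:
        ma, mb = re.match(r"[^0-9]*", a), re.match(r"[^0-9]*", b)
        r = _cmp_nondigit(ma.group(), mb.group())
        if r:
            return r
        a, b = a[ma.end():], b[mb.end():]
        ma, mb = re.match(r"[0-9]*", a), re.match(r"[0-9]*", b)
        na, nb = int(ma.group() or 0), int(mb.group() or 0)
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[ma.end():], b[mb.end():]
    return 0


def _split(v):
    # "epoch:upstream-revision"; epoch defaults to 0, revision to "".
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    if not sep:
        upstream, rev = rest, ""
    return int(epoch), upstream, rev


def compare_versions(v1, v2):
    """Return -1, 0 or 1 like `dpkg --compare-versions` ordering."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)


def is_vulnerable(installed):
    """True if the installed linux-2.6 version is still affected per DSA-1862-1."""
    if compare_versions(installed, FIXED_VERSION) < 0:
        return True
    # A higher version number does not imply the fix: 2.6.26-18 sorts above
    # 2.6.26-17lenny2 but was built without the security patch.
    return compare_versions(installed, UNPATCHED_HIGHER) == 0
```

A plain "installed >= fixed" comparison would report 2.6.26-18 as patched, which is exactly the situation the reply warns about.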