Re: [SECURITY] [DSA 1862-1] New Linux 2.6.26 packages fix privilege escalation
On Mon, 17 Aug 2009 15:36:57 +0200, Jan de Groot wrote:
> On Fri, 2009-08-14 at 13:31 -0600, dann frazier wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > - ----------------------------------------------------------------------
> > Debian Security Advisory DSA-1862-1 security@debian.org
> > http://www.debian.org/security/ dann frazier
> > Aug 14, 2009 http://www.debian.org/security/faq
> > - ----------------------------------------------------------------------
> >
> > Package : linux-2.6
> > Vulnerability : privilege escalation
> > Problem type : local
> > Debian-specific: no
> > CVE Id(s) : CVE-2009-2692
> >
> > A vulnerability has been discovered in the Linux kernel that may lead
> > to privilege escalation. The Common Vulnerabilities and Exposures project
> > identifies the following problem:
> >
> > CVE-2009-2692
> >
> > Tavis Ormandy and Julien Tinnes discovered an issue with how the
> > sendpage function is initialized in the proto_ops structure.
> > Local users can exploit this vulnerability to gain elevated
> > privileges.
> >
> > For the stable distribution (lenny), this problem has been fixed in
> > version 2.6.26-17lenny2.
>
> There's also a 2.6.26-18 in lenny-proposed-updates which contains some
> bugfixes that 2.6.26-17lenny2 doesn't have. The version of this kernel
> is higher than this security release, but it doesn't have the security
> patch included in this release. What's the future of this kernel in
> lenny-proposed-updates, will we see 2.6.26-18lenny1, or will it get
> removed?
> I don't have problems with "downgrading" to 2.6.26-17lenny2 for now, but
> I can imagine some users need the bugfixes in 2.6.26-18 and are still
> affected by this bug.
proposed-updates is not supported by the security team. however,
patches will certainly get applied there at some point before the next
point release; just don't expect that to be done with much urgency. if
you are concerned about security, stick with the core package pool.
mike
Reply to: