Re: vulnerability in 8.6

To: debian-security@lists.debian.org
Subject: Re: vulnerability in 8.6
From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>
Date: Mon, 07 Nov 2016 16:55:53 +0000
Message-id: <[🔎] 20161107165553.Horde.TzWFiXUqqmsLM38mJf3soy2@mail.kalinowski.com.br>
In-reply-to: <[🔎] CANgUfucd5FSTtqLbR8DSw-eyL5gFOx_rQZUU18WWKo9ZXObs-Q@mail.gmail.com>
References: <[🔎] CANgUfue3sq+2WE0R9eJPHHobCp0fJz2-5XaB0R1UqnbR7wEqQA@mail.gmail.com> <[🔎] 20161107160958.GA31232@lorien.valinor.li> <[🔎] CANgUfucd5FSTtqLbR8DSw-eyL5gFOx_rQZUU18WWKo9ZXObs-Q@mail.gmail.com>

On Seg, 07 Nov 2016, Ozgur wrote:

I updated the Debian system and again exploit it successful.


No, you didn't. (Well, kinda)

$ uname -ar
Linux x 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64
GNU/Linux

That's not the latest version, and specifically is not the one inwhich that vulnerability was fixed. You should have version3.16.36-1+deb8u2 .

~$ cat /etc/apt/sources.list

deb http://security.debian.org/ jessie/updates main contrib
deb-src http://security.debian.org/ jessie/updates main contrib

deb http://ftp.debian.org/debian/ jessie-updates main contrib
deb-src http://ftp.debian.org/debian/ jessie-updates main contrib

deb http://ftp.debian.org/debian/ jessie main contrib
deb-src http://ftp.debian.org/debian/ jessie main contrib

Your sources seem correct, though. What does "apt-cache policylinux-image-3.16.0-4-amd64" says?


--
Eduardo M KALINOWSKI
eduardo@kalinowski.com.br

Reply to:

Follow-Ups:
- Re: vulnerability in 8.6
  - From: Mike Oliver <mike@mopmeat.net>

References:
- vulnerability in 8.6
  - From: Ozgur <okaratas@member.fsf.org>
- Re: vulnerability in 8.6
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Re: vulnerability in 8.6
  - From: Ozgur <okaratas@member.fsf.org>

Prev by Date: Re: vulnerability in 8.6
Next by Date: Re: vulnerability in 8.6
Previous by thread: Re: vulnerability in 8.6
Next by thread: Re: vulnerability in 8.6
Index(es):
- Date
- Thread