On Fri, Jun 16, 2000 at 04:37:13AM -0300, yashan@impsat1.com.ar wrote:
> ..."Lots of security holes have been dealt with since the last edition of
> Debian Weekly News:
> * A fix for the capabilities-related local root compromise in kernel
> 2.2.15 was [21]backported into the Debian package of kernel
> 2.2.15 ..."
Desconozco si había paquetes de 2.2.15 para Slink. Si es así, esos estarían
afectados. Te aseguro que los de Potato no.
kernel: bug in capabilities handling allows root exploits
_________________________________________________________________
Date Reported:
12 Jun 2000
Affected Packages:
kernel-image, kernel-source
Vulnerable:
No
For more information:
There is a widely-reported problem with the handling of POSIX
capabilities in the linux kernel that can lead to root
compromise in setuid applications. This bug does not affect
kernels in the 2.0 or earlier series; the 2.0 kernels installed
by default in debian 2.1 (slink) are not vulnerable. If you are
running a kernel with a version of 2.1.*, 2.2.*, or 2.3.*, you
should upgrade immediately.
Fixed in:
The Debian kernel source package currently in potato,
kernel-source-2.2.15-3, and binaries built from it, such as
kernel-image-2.2.15-2 (or more recent versions), are patched to
prevent this vulnerability. If you prefer to download kernel
source from a mirror of ftp.kernel.org instead of using the
debian package, you should download 2.2.16 or better.
--
Jordi Mallach Pérez || jordi@pusa.informat.uv.es || Rediscovering Freedom,
aka Oskuro in || jordi@sindominio.net || Using Debian GNU/Linux
Reinos de Leyenda || jordi@debian.org || http://debian.org
http://sindominio.net GnuPG public information: pub 1024D/917A225E
telnet pusa.uv.es 23 73ED 4244 FD43 5886 20AC 2644 2584 94BA 917A 225E
Attachment:
pgp7ZFV0drmuB.pgp
Description: PGP signature