[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: problems upgrading to 2.2r1

On Mon, Nov 13, 2000 at 12:24:38PM -0500, Lee Bradshaw wrote:
> My system has modutils_2.3.11-10 and that seems to be what's currently
> on the ftp site:
>   http://ftp.debian.org/dists/Debian2.2r1/main/binary-i386/base/

-11 was uploaded to security.debian.org last night, it was supposed to
fix a root hole but then Wichert said potato was not vulnerable

modutils (2.3.11-11) stable; urgency=high

  * Security fix: no longer expand all shell metacharacters in
    modules.conf since this can be abused to trick modprobe into
    running arbitrary commands. Patch from upstream.
    This should really be redone properly to escape the metacharacters
    instead of just disabling documented functionality, talking with
    upstream about that.
  * Updated modules.conf to reflect disabled functionality.

 -- Wichert Akkerman <wakkerma@debian.org>  Mon, 13 Nov 2000 14:31:11 +0100

Ethan Benson

Attachment: pgpingwIGI5dR.pgp
Description: PGP signature

Reply to: