On Mon, Nov 13, 2000 at 12:24:38PM -0500, Lee Bradshaw wrote:
> My system has modutils_2.3.11-10 and that seems to be what's currently
> on the ftp site:
>
> http://ftp.debian.org/dists/Debian2.2r1/main/binary-i386/base/

-11 was uploaded to security.debian.org last night, it was supposed to
fix a root hole but then Wichert said potato was not vulnerable
after all...

modutils (2.3.11-11) stable; urgency=high

  * Security fix: no longer expand all shell metacharacters in
    modules.conf since this can be abused to trick modprobe into
    running arbitrary commands. Patch from upstream.
    This should really be redone properly to escape the metacharacters
    instead of just disabling documented functionality, talking with
    upstream about that.
  * Updated modules.conf to reflect disabled functionality.

 -- Wichert Akkerman <wakkerma@debian.org>  Mon, 13 Nov 2000 14:31:11 +0100

--
Ethan Benson
http://www.alaska.net/~erbenson/