On Mon, Nov 13, 2000 at 12:24:38PM -0500, Lee Bradshaw wrote:
> My system has modutils_2.3.11-10 and that seems to be what's currently
> on the ftp site:
>
> http://ftp.debian.org/dists/Debian2.2r1/main/binary-i386/base/

-11 was uploaded to security.debian.org last night, it was supposed to
fix a root hole but then Wichert said potato was not vulnerable after
all...

modutils (2.3.11-11) stable; urgency=high

  * Security fix: no longer expand all shell metacharacters in
    modules.conf since this can be abused to trick modprobe into running
    arbitrary commands. Patch from upstream. This should really be
    redone properly to escape the metacharacters instead of just
    disabling documented functionality, talking with upstream about that.
  * Updated modules.conf to reflect disabled functionality.

 -- Wichert Akkerman <wakkerma@debian.org>  Mon, 13 Nov 2000 14:31:11 +0100

-- 
Ethan Benson
http://www.alaska.net/~erbenson/