Re: root compromise on debian woody

To: debian-user@lists.debian.org
Subject: Re: root compromise on debian woody
From: Phil Dyer <phil@dyermaker.org>
Date: Fri, 27 May 2005 08:26:45 -0400
Message-id: <[🔎] 42971205.4080007@dyermaker.org>
In-reply-to: <[🔎] 20050526222805.GA23796@kitenet.net>
References: <[🔎] 8752f596050526134936f40e67@mail.gmail.com> <[🔎] 20050526222805.GA23796@kitenet.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Joey Hess said:

> Well to choose one security hole at random out of dozens to hundreds
> that remain unfixed in woody's kernels, this one allows anyone to go from
> a normal user account to root:
> 
> CAN-2005-1263 [Linux kernel ELF core dump privilege escalation]
>         - kernel-source-2.6.11 2.6.11 2.6.11-4
>         - kernel-source-2.6.8 2.6.8-16
>         - kernel-source-2.4.27 2.4.27-10
> 
I'm a little confused on this. First, I don't see that 2.6.x or 2.4.27
is available in woody - at least from the debian.org packages page for
woody.

Also, are we saying that the stable (woody) debian is full of security
holes? Aren't kernel 'sploits fixed in security updates. I may just not
be reading correctly.
- --

/phil


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFClxIFGbd/rBLcaFwRAuN+AKCN4FrE8CTcwuRrEanQI/6SrPQxiwCgli5P
x/G/bDYUVPRYsUg5Ki64kOY=
=cO5P
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: root compromise on debian woody
  - From: Joey Hess <joeyh@debian.org>

References:
- root compromise on debian woody
  - From: Selva Nair <selva.nair@gmail.com>
- Re: root compromise on debian woody
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: Knoppix .config
Next by Date: Re: alsa problem
Previous by thread: Re: root compromise on debian woody
Next by thread: Re: root compromise on debian woody
Index(es):
- Date
- Thread