Hosting Provided By

Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix severalvulnerabilities

From: Ralf HemmenstÃ¤dt <ralf.h(at)debian.hostserver.de>
Date: Mon Oct 01 2007 - 13:54:09 EDT

As Tim Wickberg already mentioned last week the local root exploit due to CVE-2007-4573 still works for the updated Xen kernel packages.

This is because of the fact xen does not use ia32entry.S but ia32entry-xen.S which is located in linux-2.6-xen-sparse.

I have attached the patch to fix CVE-2007-4573 for Xen-x86_64

Ralf

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


text/x-diff attachment: CVE-2007-4573-XEN.patch

Received on Mon Oct 1 14:22:44 2007

This message: [ Message body ]
Next message: dann frazier: "Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix severalvulnerabilities"
Previous message: Hans Finckh: "RE: [SECURITY] [DSA 1364-2] New vim packages fix several vulnerabilities"
Next in thread: dann frazier: "Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix severalvulnerabilities"
Reply: dann frazier: "Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix severalvulnerabilities"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 07:53:07 EDT