Pantek Library

Re: [SECURITY] [DSA 1494-1] New linux-2.6 packages fix privilege escalation

From: Simon Valiquette <v.simon(at)ieee.org>
Date: Mon Feb 11 2008 - 18:09:35 EST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Florian Weimer once wrote:
>
> Package : linux-2.6
> Vulnerability : missing access checks
> Problem type : local
> Debian-specific: no
> CVE Id(s) : CVE-2008-0010 CVE-2008-0163 CVE-2008-0600

> In the vserver-enabled kernels, a missing access check on certain
> symlinks in /proc enabled local attackers to access resources in other
> vservers (CVE-2008-0163).
>
> For the stable distribution (etch), this problem has been fixed in
> version 2.6.18.dfsg.1-18etch1.
>
> In addition to these fixes, this update also incorporates changes
> from the upcoming point release of the stable distribution.
>
> The old stable distribution (sarge) is not affected by this problem.
>
> The unstable (sid) and testing distributions will be fixed soon.

  It seems that there is no update available for PowerPC and Sparc, and maybe other architectures as well. Do we again have the problems we had with security updates for PowerPC in August 2007?

  If the updates are known to be available only later, would it be possible to announce it in the advisory, as is usually done?

  And maybe make a statement about it if an architecture is not affected (though it is obviously not the case here).

Simon Valiquette
http://gulus.USherbrooke.ca

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Linux PPC)

iD8DBQFHsNVRJPE+P+aMAJIRA9XjAKDBFjM1qF7Uoz69bWAqmShNgHr2vQCeJSTo 1fV9NossyFITd9IVkE5JtE8=
=9dXH
-----END PGP SIGNATURE-----

Received on Mon Feb 11 18:10:24 2008

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:42 EDT

