Your message dated Thu, 20 Aug 2009 19:10:46 +0200
with message-id <20090820171046.gc18...@inutil.org>
and subject line Re: linux-image-2.6.26-2-686: Local Privilege Escalation
has caused the Debian Bug report #541403,
regarding linux-source-2.6.30: Local privilege escalation (incorrect proto_ops
initializations)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
--
541403: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541403
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: linux-source-2.6.30
Version: 2.6.30-4
Severity: critical
Tags: security
Justification: root security hole
See:
http://seclists.org/fulldisclosure/2009/Aug/0173.html
See the link for a patch from Linus at the bottom. Please back patch
at your earliest convenience.
thank you,
tim
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages linux-source-2.6.30 depends on:
ii binutils 2.19.51.20090805-1 The GNU assembler, linker and bina
ii bzip2 1.0.5-3 high-quality block-sorting file co
Versions of packages linux-source-2.6.30 recommends:
ii gcc 4:4.3.3-9 The GNU C compiler
ii libc6-dev [libc-dev] 2.9-24 GNU C Library: Development Librari
ii make 3.81-6 An utility for Directing compilati
Versions of packages linux-source-2.6.30 suggests:
ii kernel-package 12.017 A utility for building Linux kerne
ii libncurses5-dev [ncurses- 5.7+20090803-1 developer's libraries and docs for
pn libqt3-mt-dev <none> (no description available)
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 2.6.30-6
On Thu, Aug 13, 2009 at 05:43:25PM -045A00, Stefano wrote:
> Package: linux-image-2.6.26-2-686
> Version: 2.6.26-17
> Justification: root security hole
> Severity: critical
> Tags: security
>
> *** Please type your report below this line ***
>
> Hi,
>
> today a serious bug in the Linux Kernel has been discovered and
> disclosed. It affects all 2.4 and 2.6 kernels since 2001 on all
> architectures.
>
> See here for more details:
> http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
>
> Hopefully this bug has already been patched:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98
>
> I'm pretty sure that you guys already know that, but it is really urgent
> to apply the patch and release an update for the linux-image packages.
>
> Thank you for your fantastic job.
This was fixed in unstable in 2.6.30-6. The 2.6.18, 2.6.24 and 2.6.26 kernels
from Etch and Lenny have been fixed in DSAs.
Cheers,
Moritz
--- End Message ---