Package: linux-image-2.6.24-1-xen-686
Version: 2.6.24-3
Severity: important
It'd be nice if this actually worked as the only other
alternative is 2.6.18 from Etch. Instead what it does is
start then sit there using 100% CPU. It doesn't even print
debugging messages.
This happens on Xen 3.2.
--
I also checked that linux-image-2.6.18-5-k7 2.6.18.dfsg.1-17 is
vulnerable.
signature.asc
Description: This is a digitally signed message part.
Just try explot from http://www.milw0rm.com/exploits/5092 at my
linux-image-2.6.18-5-686 kernel. And it works. Please backport patch
from 2.6.24.1 kernel (CVE-2008-0009/10).
2.6.24.1 does not fix the issue, see
http://marc.info/?l=linux-kernelm=120262352612128w=2
I have also verified that
* Vitaliy Okulov:
Yep, im sure.
Ah, okay, but I think this is not CVE-2008-0009 or CVE-2008-0010.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Sat, Feb 09, 2008 at 10:30:01AM +, Daniel Baumann wrote:
Added patch from unionfs upstream to export release_open_intent symbol.
And Linux upstream said what about this? It changes the ABI of vmlinux,
so nack.
Bastian
--
Conquest is easy. Control is not.
-- Kirk,
Yep, im sure.
Copy of exploit: http://www.securityfocus.com/bid/27704/exploit
[EMAIL PROTECTED]:~/coding/sample$ wget
http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c
--12:25:09--
http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c
= `27704.c'
Resolving
* Vitaliy Okulov:
Oh, just reread http://marc.info/?l=linux-kernelm=120262352612128w=2
Thereis no bugfix.
Yes, it appears to be a different bug.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Oh, just reread http://marc.info/?l=linux-kernelm=120262352612128w=2
Thereis no bugfix.
Whait for Jens Axboe to fix this patch.
2008/2/10, Vitaliy Okulov [EMAIL PROTECTED]:
Hm, maybe, but i read http://www.securityfocus.com/bid/27705/solution
The vendor released version 2.6.24.1 to address
Your message dated Sun, 10 Feb 2008 11:01:14 +0100
with message-id [EMAIL PROTECTED]
and subject line Bug#465022: linux-image-2.6.24-1-xen-686: Does not work
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the
Hm, maybe, but i read http://www.securityfocus.com/bid/27705/solution
The vendor released version 2.6.24.1 to address these issues. Please see
the references for more information.
And then read http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1where
i found only 1 bugfix for vmsplice.
On Sat, 09 Feb 2008, Joey Hess wrote:
As soon as the kernel is booted from grub, before it prints any normal
messages, it crashes as follows:
BUG: Int 6: CR2
EDI ESI 1000 EBP 0020 ESP c0373f54
EBX c03e5140 EDX 000C ECX EAX c034f3e0
**
Build finished at 20080210-0520
FAILED [dpkg-buildpackage died]
Flo
--
Florian Lohoff [EMAIL PROTECTED] +49-171-2280134
Those who would give up a little freedom to get a little
security shall soon have neither - Benjamin Franklin
signature.asc
Processing commands for [EMAIL PROTECTED]:
tags 464945 patch
Bug#464945: linux-image-2.6.18-6-686: Exploit for vmsplice work for
linux-image-2.18-5-686 (CVE-2008-0009/10)
Tags were: security
Bug#464953: linux-2.6: mmap() local root exploit
Tags added: patch
On Sun, Feb 10, 2008 at 03:19:20AM
tags 464945 patch
On Sun, Feb 10, 2008 at 03:19:20AM +0300, Okulov Vitaliy wrote:
Just try explot from http://www.milw0rm.com/exploits/5092 at my
linux-image-2.6.18-5-686 kernel. And it works. Please backport patch
from 2.6.24.1 kernel (CVE-2008-0009/10).
Preliminary patch, it includes more
On Sun, Feb 10, 2008 at 01:00:33PM +0100, Bastian Blank wrote:
On Sun, Feb 10, 2008 at 03:19:20AM +0300, Okulov Vitaliy wrote:
Just try explot from http://www.milw0rm.com/exploits/5092 at my
linux-image-2.6.18-5-686 kernel. And it works. Please backport patch
from 2.6.24.1 kernel
Package: redhat-cluster
Severity: wishlist
Tags: patch l10n
Please add the italian debconf templates translation (attached).
Thanks,
Luca
it.po
Description: Binary data
On Sun, Feb 10, 2008 at 01:58:34AM +0100, Jonas Meurer wrote:
On 08/02/2008 Joachim Breitner wrote:
I’m not sure about his. I am pretty sure the error messages came _after_
I entered the password the first time, but _before_ cryptsetup exits,
which I noticed when I entered the password wrong
Am 2008-02-05 04:10:33, schrieb [EMAIL PROTECTED]:
Package: linux-image-k7
Apparently -k7 users should now start using -686 packages.
However, without adjustments in the Depends, the effect will be -k7
users will start wondering after a few months why the haven't seen a
new kernel during
maximilian attems wrote:
i haven't yet compiled latest git21 (will do later today), in the
menatime i have i386 snapshots of git15, can you try there the -686
http://charm.itp.tuwien.ac.at/~mattems/git15/
if upstream fixed this bug inbetween?
Nope, still fails.
--
see shy jo
signature.asc
Martin Michlmayr wrote:
* Joey Hess [EMAIL PROTECTED] [2008-02-09 21:14]:
-rw-r--r-- 1 root root 1337692 Feb 7 14:04 vmlinuz-2.6.24-1-ixp4xx
The Kernel mtd block device on the nslu2 is 1310720 bytes.
Are you sure about this? I'm pretty sure the official Debian images
use 1441792
* Joey Hess [EMAIL PROTECTED] [2008-02-09 21:14]:
-rw-r--r-- 1 root root 1337692 Feb 7 14:04 vmlinuz-2.6.24-1-ixp4xx
The Kernel mtd block device on the nslu2 is 1310720 bytes.
Are you sure about this? I'm pretty sure the official Debian images
use 1441792 bytes for the Kernel partition.
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.9.26
tags 251023 + pending
Bug#251023: [PATCH] An initrd level patch for customized DSDT
Tags were: wontfix patch
Tags added: pending
End of message, stopping processing here.
Please
* Joey Hess [EMAIL PROTECTED] [2008-02-10 14:15]:
Think I should try to flash the new kernel via upslug?
Or flash a d-i image and then mount the disk and write the kernel to
flash.
--
Martin Michlmayr
http://www.cyrius.com/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
Processing commands for [EMAIL PROTECTED]:
found 464953 2.6.18.dfsg.1-17etch1
Bug#464953: linux-2.6: mmap() local root exploit
Bug#464945: linux-image-2.6.18-6-686: Exploit for vmsplice work for
linux-image-2.18-5-686 (CVE-2008-0009/10)
Bug marked as found in version 2.6.18.dfsg.1-17etch1.
Hi,
a modification of the exploit that finds the address of sys_vmsplice in the
kernel (using /proc/kallsyms) and replaces the first byte with a RET instruction
(using mmap of /dev/kmem) is available at
http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c
--
Morten Hustveit
Your message dated Sun, 10 Feb 2008 21:01:46 +0100
with message-id [EMAIL PROTECTED]
and subject line Bug#464958: too large to fit in flash on the nslu2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case
Martin Michlmayr wrote:
* Joey Hess [EMAIL PROTECTED] [2008-02-10 14:15]:
Think I should try to flash the new kernel via upslug?
Or flash a d-i image and then mount the disk and write the kernel to
flash.
Ok, I have a fixed partition size now, and of course it fits.
mtd3: 0016
Hi Martin
On Feb 10, 2008 1:01 PM, Martin Michlmayr [EMAIL PROTECTED] wrote:
* Joey Hess [EMAIL PROTECTED] [2008-02-10 14:55]:
mtd3: 0016 0002 Kernel
OK, closing bug. User error: not using a standard MTD partition
layout.
It looks like we need to update
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.13
tags 251023 - wontfix
Bug#251023: [PATCH] An initrd level patch for customized DSDT
Tags were: pending wontfix patch
Tags removed: wontfix
End of message, stopping processing here.
Unofficial prebuilt packages are here:
http://134.2.34.20/blank/debian/linux-2.6/
as referenced here:
http://lists.debian.org/debian-kernel/2008/02/msg00363.html
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
* Gordon Farquharson [EMAIL PROTECTED] [2008-02-10 14:08]:
# Let's pad the kernel to 131072 * 10 + 1 so it will be rounded up
# by slugimage to 131072 * 11, i.e. 11 blocks.
util/arm/nslu2/pad $(TEMP)/$(KERNELNAME).nslu2 1310724
BTW, 1310724 seems to be 131072 * 10 + 4
On Fri, 08 Feb 2008, Guido Bozzetto wrote:
The sistem is i386 archicture and not amd64. Please can you make a
_i386.deb ?
Thank you, Guido Bozzetto.
http://charm.itp.tuwien.ac.at/~mattems/git15/
currently building git22, let me know on aboves.
Hi Martin
On Feb 10, 2008 2:40 PM, Martin Michlmayr [EMAIL PROTECTED] wrote:
BTW, 1310724 seems to be 131072 * 10 + 4 rather than +1 as the comment
claims. I wonder why I made that mistake.
I think that you chose 1310724 in the code because it needs to be
divisible by 4 for devio to perform
On Sun, Feb 10, 2008 at 02:43:23PM +0100, Bastian Blank wrote:
On Sun, Feb 10, 2008 at 01:00:33PM +0100, Bastian Blank wrote:
On Sun, Feb 10, 2008 at 03:19:20AM +0300, Okulov Vitaliy wrote:
Just try explot from http://www.milw0rm.com/exploits/5092 at my
linux-image-2.6.18-5-686 kernel.
Just mentioning that the hotfix mentioned here:
http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c
appeared to have wedged (crashed hard, frozen) my machine, an otherwise
very stable pentium 4 machine running 2.6.18-5-686 (with nvidia
oldstable xorg proprietry drivers).
Package: linux-image-2.6.22-3-686
Version: 2.6.22-6
Severity: normal
The machine will completely freeze up and the kern.log shows the following:
Feb 9 22:23:29 twang kernel: BUG: unable to handle kernel NULL pointer
dereference at virtual address 006e
Feb 9 22:23:29 twang kernel:
* Gordon Farquharson [EMAIL PROTECTED] [2008-02-10 16:40]:
BTW, 1310724 seems to be 131072 * 10 + 4 rather than +1 as the comment
claims. I wonder why I made that mistake.
I think that you chose 1310724 in the code because it needs to be
divisible by 4 for devio to perform the endian swap
37 matches
Mail list logo
