Your message dated Sun, 13 Feb 2005 15:33:39 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#293940: fixed in kernel-patch-adamantix 1.6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 6 Feb 2005 22:38:49 +0000
>From [EMAIL PROTECTED] Sun Feb 06 14:38:49 2005
Return-path: <[EMAIL PROTECTED]>
Received: from krepost.taket.org (localhost) [82.233.235.217]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cxv3J-0001qO-00; Sun, 06 Feb 2005 14:38:49 -0800
Received: from djoume by localhost with local (Exim 4.44)
id 1Cxv3C-0001sG-Uo; Sun, 06 Feb 2005 23:38:43 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Djoume SALVETTI <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: kernel-patch-adamantix: [CAN-2004-0667] RSBAC privilege escalation
inside
jail
X-Mailer: reportbug 3.7.1
Date: Sun, 06 Feb 2005 23:38:42 +0100
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: kernel-patch-adamantix
Severity: normal
Good day,
RSBAC patch included in kernel-patch-adamantix seems to be vulnerable
to CAN-2004-0667 :
More details can be grab here :
http://www.rsbac.org/download/bugfixes/
and a one line patch is available here :
http://www.rsbac.org/download/bugfixes/v1.2.3/rsbac-bugfix-v1.2.3-3.diff
This problem is also fixed in devel version (1.2.4) of RSBAC.
Regards.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.9-rfb-swsusp
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages kernel-patch-adamantix depends on:
ii bash 3.0-14 The GNU Bourne Again SHell
pn grep-dctrl Not found.
ii patch 2.5.9-2 Apply a diff file to an original
---------------------------------------
Received: (at 293940-close) by bugs.debian.org; 13 Feb 2005 20:38:10 +0000
>From [EMAIL PROTECTED] Sun Feb 13 12:38:10 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D0QVO-0006jC-00; Sun, 13 Feb 2005 12:38:10 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1D0QR1-0002m5-00; Sun, 13 Feb 2005 15:33:39 -0500
From: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#293940: fixed in kernel-patch-adamantix 1.6
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 13 Feb 2005 15:33:39 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 2
Source: kernel-patch-adamantix
Source-Version: 1.6
We believe that the bug you reported is fixed in the latest version of
kernel-patch-adamantix, which is due to be installed in the Debian FTP archive:
kernel-patch-adamantix_1.6.dsc
to pool/main/k/kernel-patch-adamantix/kernel-patch-adamantix_1.6.dsc
kernel-patch-adamantix_1.6.tar.gz
to pool/main/k/kernel-patch-adamantix/kernel-patch-adamantix_1.6.tar.gz
kernel-patch-adamantix_1.6_all.deb
to pool/main/k/kernel-patch-adamantix/kernel-patch-adamantix_1.6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]> (supplier of updated
kernel-patch-adamantix package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Format: 1.7
Date: Sun, 13 Feb 2005 13:17:24 +0100
Source: kernel-patch-adamantix
Binary: kernel-patch-adamantix
Architecture: source all
Version: 1.6
Distribution: unstable
Urgency: low
Maintainer: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Changed-By: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Description:
kernel-patch-adamantix - Kernel patches introduced in Adamantix
Closes: 225642 293940
Changes:
kernel-patch-adamantix (1.6) unstable; urgency=low
.
* Updated to latest Adamantix release: kernel-source-2.4.27_2.4.27-19
(from the 1.0.5 Adamantix 'testing' release), by Peter Busser
- This new version includes the fix for [CAN-2004-0667]
RSBAC privilege escalation inside jail (Closes: #293940)
- Adds RSBAC bugfix 4.
- Adds a bug fix which enables softmode on/off switching
- Added workaround for sockfs bug
- Added cttproxy patch v1.2.1
- Added the RSBAC module switching patch for the AUTH module.
- Added RSBAC v1.2.3 plus bug fixes 1 and 3. (bf 2 is for 2.6)
- Added the v2.6 IPSEC backport version 20040416 by Herbert Xu.
- Added the fast network device lookup patch.
* Included the patches from http://kernel.adamantix.org/download/2.4.26/
in the source package but not in the binary package, as I still
need to review those and they might not be current (and still include
code with known vulnerabilities).
* Moved rsbac documentation to rsbac-doc
* Included PaX documentation
* Provided the config examples at
http://kernel.adamantix.org/download/2.4.26/config/
in the package.
Together with the rsbac documentation provided this means this
version Closes: #225642
Files:
d447af5cf9a9b6f1d0a89755c26ad14f 676 devel extra kernel-patch-adamantix_1.6.dsc
0178ec2003e2dada0d0adcb44e7c03aa 3041741 devel extra
kernel-patch-adamantix_1.6.tar.gz
52e117a482464ea5d75a61f17819bbf8 2303294 devel extra
kernel-patch-adamantix_1.6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iQCVAwUBQg+1XPtEPvakNq0lAQEEggP/Sphx6p82U7nFhd92RY9LbTP5ABvcZX6f
oH3BZF/4xDfx2lUMAGs/sqBhp9w1BHQ6a3YP3segh3fMRneQvVjTnKn85YQrY15z
+JugnDmRn9PR3U8lZDwEbB51z56OIoBlS6RtrCnNeL7zRAhicjsf/Es8NUBQsVeJ
d9HRT5jhFCM=
=v7+7
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
