Your message dated Tue, 30 Jun 2026 18:17:08 +0000
with message-id <[email protected]>
and subject line Bug#1140943: fixed in linuxcnc 1:2.9.4-2+deb13u1
has caused the Debian Bug report #1140943,
regarding LinuxCNC: Security issue in suid RTAPI component (CVE-2026-58302)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1140943: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140943
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: linuxcnc-uspace
Severity: important
Version: 1:2.9.0
According to the release announcement for version 2.9.9, there is a
security issue that need to be fixed in LinuxCNC:
To address the last part first, it has been noted by two separate
people that a weakness in the RTAPI allows for privilege escalation as
it runs as setuid root (to give direct access to hardware). Given the
use-case for most LinuxCNC machines this is unlilely to be a problem
in most cases; most hobby users will have root access anyway. The
issue has been patched in both 2.9 and in the development branch.
I am not sure which version the problem appeared, but list is as
existing in oldstable to get a fairly solid baseline.
--
Happy hacking
Petter Reinholdtsen
--- End Message ---
--- Begin Message ---
Source: linuxcnc
Source-Version: 1:2.9.4-2+deb13u1
Done: Petter Reinholdtsen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
linuxcnc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Petter Reinholdtsen <[email protected]> (supplier of updated linuxcnc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 28 Jun 2026 23:02:42 +0200
Source: linuxcnc
Architecture: source
Version: 1:2.9.4-2+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: LinuxCNC Developers <[email protected]>
Changed-By: Petter Reinholdtsen <[email protected]>
Closes: 1140943
Changes:
linuxcnc (1:2.9.4-2+deb13u1) trixie; urgency=medium
.
* Team upload.
.
* Added 0010-sanitize-hal-paths.patch to sanitize name for module in
rtapi_app (Closes: #1140943).
* Added d/gbp.conf to enforce the use of pristine-tar and using
correct git branch for stable updates.
Checksums-Sha1:
7a20bd90d7788f569b687bf06e8600db18f42a91 3401 linuxcnc_2.9.4-2+deb13u1.dsc
c8048478fe02db4cded687d40f41ec64d224bff0 150468
linuxcnc_2.9.4-2+deb13u1.debian.tar.xz
19f081259f27af25a60d53eaaefd4a2cfeefbd6f 24652
linuxcnc_2.9.4-2+deb13u1_source.buildinfo
Checksums-Sha256:
b5955c5005c8a421ff128397b8ebc5cb11fa14743c6d89c88530307723d0574a 3401
linuxcnc_2.9.4-2+deb13u1.dsc
453a56d5ea181ba0083999be6d705db19a8f6bfc27fc10942023458ce58dd6e6 150468
linuxcnc_2.9.4-2+deb13u1.debian.tar.xz
3c9f94d5d6a9b7cceff17a7c2d968ce6a817beda207682ac019fe1ecc8a8df00 24652
linuxcnc_2.9.4-2+deb13u1_source.buildinfo
Files:
9367400a8bef686742818668ecc4029f 3401 misc optional
linuxcnc_2.9.4-2+deb13u1.dsc
2a586e9164c6a075965b24dc66c5b1f2 150468 misc optional
linuxcnc_2.9.4-2+deb13u1.debian.tar.xz
c151ac289eee00bada16369766ed99d7 24652 misc optional
linuxcnc_2.9.4-2+deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERqLf4owIeylOb9kkgSgKoIe6+w4FAmpBki8ACgkQgSgKoIe6
+w4Aqw//Zkqw/yFPQqE72Ca72iP4Z78DM3NMENWApzqqmB33TWpDyok6DK+TRgIh
35Hq2LBXXvtPeMFIrBQOR+/cnAxNmFmuuj9OJ0K4PXJWejgR/jQMPQDtky/I18TA
Jpl55Om0vtqmUqA96w7AXH3zF6GRGP7ORaEtPHIX/TlmsSM4bTf6O9a3bPZSXoLh
UBM5zdi1QuHdM2W9/2Hf+6cfJTPBywFS00Qa5M+wLioyUBjPmXgjj4Eg20L+I7U/
dxsXOI+d225r9qZ0pTv0rxmUnCrr4ReUU6x9BI76axZJ+Wv6g2kFGGmgyTPpbzth
kK1DsH3E4NffbYPusgrB1hHMiilLgP4lWASEAxYic5cqGMMSS5cJQ49yRZMTNbKt
7MXI2Mq+Er892TWZ/ISUWAvZm6szeCMkfUgkZTbGXnoU53fUf53o0LjsdlREVqb9
YH8w2w0yH9KmmYJEFCifciE3d3IiINFxYPLZcPXVov4XDTVXyjDSdEzZcUhvOd2T
GRXDCT8V5CO6BCkAbc2UKpItB87eiICPdwtjjorREccmYUdTdKrBSRy4u4FwRsyF
MXxoMr9FgQXV9/0JUxfgkF1pdWgrz6RV9DzCzxv9KZ5vVP9ixXW+XIMVKee7O3cv
MOTQAa65Q98weinhy8efY4OiRN8c+9kYcqzL07BdMLX3Bh/NFFo=
=q4yc
-----END PGP SIGNATURE-----
pgptpjEbvyOyk.pgp
Description: PGP signature
--- End Message ---