Your message dated Tue, 30 Jun 2026 18:17:26 +0000
with message-id <[email protected]>
and subject line Bug#1140943: fixed in linuxcnc
2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u2
has caused the Debian Bug report #1140943,
regarding LinuxCNC: Security issue in suid RTAPI component (CVE-2026-58302)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1140943: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140943
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: linuxcnc-uspace
Severity: important
Version: 1:2.9.0
According to the release announcement for version 2.9.9, there is a
security issue that need to be fixed in LinuxCNC:
To address the last part first, it has been noted by two separate
people that a weakness in the RTAPI allows for privilege escalation as
it runs as setuid root (to give direct access to hardware). Given the
use-case for most LinuxCNC machines this is unlilely to be a problem
in most cases; most hobby users will have root access anyway. The
issue has been patched in both 2.9 and in the development branch.
I am not sure which version the problem appeared, but list is as
existing in oldstable to get a fairly solid baseline.
--
Happy hacking
Petter Reinholdtsen
--- End Message ---
--- Begin Message ---
Source: linuxcnc
Source-Version: 2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u2
Done: Petter Reinholdtsen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
linuxcnc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Petter Reinholdtsen <[email protected]> (supplier of updated linuxcnc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 28 Jun 2026 23:34:48 +0200
Source: linuxcnc
Architecture: source
Version: 2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: LinuxCNC Developers <[email protected]>
Changed-By: Petter Reinholdtsen <[email protected]>
Closes: 1140943
Changes:
linuxcnc (2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u2) bookworm; urgency=medium
.
* Team upload.
.
* Told gbp to use xz compression, to match already uploaded
orig.tar.gz.
* Added 0010-sanitize-hal-paths.patch to sanitize name for module in
rtapi_app (Closes: #1140943).
* Added a small patch to fix missing gettimeofday() declaration with
newer GCC/glibc version.
Checksums-Sha1:
97466d61ea2a44005550bc28b0ff77fc1d4ad864 3490
linuxcnc_2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u2.dsc
fea1bfd763765669f15ffa3c3b6974f251bc35cd 146576
linuxcnc_2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u2.debian.tar.xz
731cc858a5bb0998c61ae233fd091f8ecef1a9a0 22602
linuxcnc_2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u2_source.buildinfo
Checksums-Sha256:
604da260684ef8934950783a81c9a7faf1b9d00caee1576aaff56b40e9ac5b61 3490
linuxcnc_2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u2.dsc
036e9af8229853b411ca14a7302b6f63764a60f36692965b0b3731f41182238a 146576
linuxcnc_2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u2.debian.tar.xz
cd2b1cd24328eea55857cfcb2149c01a54b208859ecfcd87cb0ae079eef809c3 22602
linuxcnc_2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u2_source.buildinfo
Files:
c503f09c46969de4fa6f6043158e1491 3490 misc optional
linuxcnc_2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u2.dsc
41ab513b6f182cdfff300158e90dfe30 146576 misc optional
linuxcnc_2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u2.debian.tar.xz
f750262025bcdb61b8fa50e9620574a5 22602 misc optional
linuxcnc_2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERqLf4owIeylOb9kkgSgKoIe6+w4FAmpBn9gACgkQgSgKoIe6
+w6ohxAAt0xgrbREKpKKobyaTvOCPZdckBCHxFdWBWwIbsPIlcQnMBxwQHbHf38B
VgYlmQvpYzelfCgcYPYdrkQlcXWZncI50VGDFg2ArRukeMBCXZ04EJ9amel4UKFv
RSOeeuulgr8/024SfPzc1qU+OuO5957kG/B3Zi34durQoijVqWdWkY1LXPB/DBIF
C2s1u5tc7lhfek2FH05yqaE2QP9XJlcGT++iF6DlG0vw+BSheLqL1XasXZAAtfcC
c1Yovw4rxWhhVw2AMe2XTnWmYLWvjSnvqh+v/kheGK0xShT2+/kL/6xeZxY4XVCn
sn/M4cuF/7e70ORVmzS2Lmp8Xtr/SOc2kCBPLLhlNazB83YHVxty5VQ8EyeUhRzq
yUpPJ44lzldsD0VeyqqMZzTAtTlE3lCrNvl21x6EsDuNsfsvbqW8OVmkBKvFmyHp
Oz9HABZuC7Ngn2+jlPrJLy8JcMl+fimkRdufs0AP5Gr6h9KS8Af+fl+hpgymImNQ
T0rhIqCSgNh7DzG+wdl1DZymIgQIQ2upa5VMoYhvu5OO0RbHM/aDk4AHydsS1OPB
/Ju1ac+wdeZ9Lni81+Dsq5iOE+6G60VIC7GIxqS8eCHquX+S0SAKTOQKWiTJM1YN
3N3rzs+zw1B421VpoJnOHIRRPofUnskuOgVuP+brii2CvPNRQzI=
=77+I
-----END PGP SIGNATURE-----
pgpFiiodUTyPr.pgp
Description: PGP signature
--- End Message ---