tag 309429 +pending
thanks

On Tue, May 17, 2005 at 09:06:16AM +0200, Moritz Muehlenhoff wrote:
> Package: kernel-source-2.6.8
> Severity: grave
> Justification: user security hole
>
> Two new local privilege escalations have been found in the 2.6 kernels;
> input to the pktcdvd and raw ioctls is passed unchecked. Both issues
> have been fixed in 2.6.11.10. 2.4 does not seem to be affected.
> At least one of the issues is CAN-2005-1264.

2.6.11 is vulnerable to both of these problems. 2.6.11.10 has been
applied in SVN and should appear in 2.6.11-5.

2.6.8 is only vulnerable to the raw ioctl problem, which I believe is
CAN-2005-1264. I have added the patch from 2.6.11.10 in SVN to both the
trunk (unstable/testing-proposed-updates) and sarge-security
(testing-security) branches and it should appear in 2.6.8-16 and
2.6.8-15sarge1 respectively.

2.4.27 does not appear to be vulnerable to either of these problems.

--
Horms