Your message dated Sat, 08 Jan 2005 06:48:41 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#289155: fixed in kernel-source-2.6.9 2.6.9-5 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 7 Jan 2005 14:41:07 +0000 >From [EMAIL PROTECTED] Fri Jan 07 06:41:07 2005 Return-path: <[EMAIL PROTECTED]> Received: from inutil.org (vserver151.vserver151.serverflex.de) [193.22.164.111] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CmvIZ-0007RW-00; Fri, 07 Jan 2005 06:41:07 -0800 Received: from wlan-client-025.informatik.uni-bremen.de ([134.102.116.26] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with asmtp (TLS-1.0:RSA_ARCFOUR_SHA:16) (Exim 4.34) id 1CmvIX-0007Sb-Lt for [EMAIL PROTECTED]; Fri, 07 Jan 2005 15:41:05 +0100 Received: from jmm by localhost.localdomain with local (Exim 4.34) id 1CmvIU-0001lw-3s; Fri, 07 Jan 2005 15:41:02 +0100 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: CAN-2004-1235: uselib() privilege escalation X-Mailer: reportbug 3.5 Date: Fri, 07 Jan 2005 15:41:01 +0100 Message-Id: <[EMAIL PROTECTED]> X-SA-Exim-Connect-IP: 134.102.116.26 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, RCVD_IN_DSBL autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: kernel-source-2.6.8 Version: 2.6.8 Severity: grave Tags: security Justification: user security hole Paul Starzetz from iSec Security Research has discovered a local root exploit in the Linux kernel: > Locally exploitable flaws have been found in the Linux > binary format loaders' uselib() functions that allow local > users to gain root privileges. The full advisory text: http://isec.pl/vulnerabilities/isec-0021-uselib.txt I haven't found a patch for 2.6 yet, a patch for 2.4 is available in the 2.4 Bitkeeper branch. Cheers, Moritz -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.9-1-386 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages kernel-source-2.6.8 depends on: ii binutils 2.15-5 The GNU assembler, linker and bina ii bzip2 1.0.2-2 high-quality block-sorting file co ii coreutils [fileutils] 5.2.1-2 The GNU core utilities --------------------------------------- Received: (at 289155-close) by bugs.debian.org; 8 Jan 2005 11:52:00 +0000 >From [EMAIL PROTECTED] Sat Jan 08 03:52:00 2005 Return-path: <[EMAIL PROTECTED]> Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CnF8R-0007j9-00; Sat, 08 Jan 2005 03:51:59 -0800 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1CnF5F-0007km-00; Sat, 08 Jan 2005 06:48:41 -0500 From: Andres Salomon <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.54 $ Subject: Bug#289155: fixed in kernel-source-2.6.9 2.6.9-5 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Sat, 08 Jan 2005 06:48:41 -0500 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Source: kernel-source-2.6.9 Source-Version: 2.6.9-5 We believe that the bug you reported is fixed in the latest version of kernel-source-2.6.9, which is due to be installed in the Debian FTP archive: kernel-doc-2.6.9_2.6.9-5_all.deb to pool/main/k/kernel-source-2.6.9/kernel-doc-2.6.9_2.6.9-5_all.deb kernel-patch-debian-2.6.9_2.6.9-5_all.deb to pool/main/k/kernel-source-2.6.9/kernel-patch-debian-2.6.9_2.6.9-5_all.deb kernel-source-2.6.9_2.6.9-5.diff.gz to pool/main/k/kernel-source-2.6.9/kernel-source-2.6.9_2.6.9-5.diff.gz kernel-source-2.6.9_2.6.9-5.dsc to pool/main/k/kernel-source-2.6.9/kernel-source-2.6.9_2.6.9-5.dsc kernel-source-2.6.9_2.6.9-5_all.deb to pool/main/k/kernel-source-2.6.9/kernel-source-2.6.9_2.6.9-5_all.deb kernel-tree-2.6.9_2.6.9-5_all.deb to pool/main/k/kernel-source-2.6.9/kernel-tree-2.6.9_2.6.9-5_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andres Salomon <[EMAIL PROTECTED]> (supplier of updated kernel-source-2.6.9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 08 Jan 2005 05:17:38 -0500 Source: kernel-source-2.6.9 Binary: kernel-source-2.6.9 kernel-tree-2.6.9 kernel-patch-debian-2.6.9 kernel-doc-2.6.9 Architecture: source all Version: 2.6.9-5 Distribution: unstable Urgency: low Maintainer: Debian kernel team <debian-kernel@lists.debian.org> Changed-By: Andres Salomon <[EMAIL PROTECTED]> Description: kernel-doc-2.6.9 - Linux kernel specific documentation for version 2.6.9 kernel-patch-debian-2.6.9 - Debian patches to Linux 2.6.9 kernel-source-2.6.9 - Linux kernel source for version 2.6.9 with Debian patches kernel-tree-2.6.9 - Linux kernel tree for building prepackaged Debian kernel images Closes: 289155 Changes: kernel-source-2.6.9 (2.6.9-5) unstable; urgency=low . * [powerpc] Added a couple of powermac patches from Benjamin Herrenschmidt : - 970FX cpu support - G5 thermal management update - Misc powermac fixes backports (Bug #287030) (Sven Luther) . * [powerpc] Moved from powerpc kernel-patch package : - powermac legacy serial fix. - pegasos via-ide dual interrupt fix. (Sven Luther) . * [powerpc] Added _chrp_type support though pegasos patch (Sven Luther) . * [powerpc - prep] Fix bad irq assignement for pci devices on motorola powerstack boxes. (Sven Luther) . * add dh_fixperms to the build targets to kernel-patch-debian-2.6.9 to ensure that the permissions of the files in this package are sensible. (See: Bug#288279) (Simon Horman) . * [SECURITY] Fix vulnerability in the ELF loader code allowing local attacker to execute code as root; CAN-2004-1235. (Maximilian Attems) . * [SECURITY] 028-do_brk_security_fixes.dpatch Drop Marcelo's fix, use Linus' instead. Fix local root vulnerability for various do_brk() calls; ensure an exclusive lock on memory while modifying it; CAN-2004-1235 (Andres Salomon) (closes: #289155). . * [SECURITY] 029-random_poolsize_overflow.dpatch drivers/char/random allows you to set the poolsize; its sanity checking on that input isn's very good. We fix that here. See http://seclists.org/lists/fulldisclosure/2005/Jan/0270.html for more details. This fixes #3 on that list (Andres Salomon). . * [SECURITY] 030-moxa_user_copy_checking.dpatch The moxa driver does some ugly things w/ signed integers. This fixes #4 on Brad Spengler's advisory (Andres Salomon). . * [SECURITY] 031-sg_scsi_ioctl_int_overflows.dpatch SG ioctl stuff doesn't actually check whether the scsi command length is positive. #5 on the above advisory (Andres Salomon). Files: 5143700ba9c43b8c3f137eff90659dd9 986 devel optional kernel-source-2.6.9_2.6.9-5.dsc 718399080f19d22578302a078883b980 317572 devel optional kernel-source-2.6.9_2.6.9-5.diff.gz b06bce5ba5ddd62d470d758a9023c67d 327064 devel optional kernel-patch-debian-2.6.9_2.6.9-5_all.deb f2735892451a11ae4ed6a3fec837f9be 35613904 devel optional kernel-source-2.6.9_2.6.9-5_all.deb ff2d299a540dd3de0d3bbb40c679c178 25484 devel optional kernel-tree-2.6.9_2.6.9-5_all.deb bb9be2748ccb0c06ed224025ee3d3034 6316328 doc optional kernel-doc-2.6.9_2.6.9-5_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFB372i78o9R9NraMQRAlcJAKCE19tYMVXWj9hbkwWAQmVNUJB7LgCffYfq AcNBruAzs6HI4ui+RNNIFjs= =DMqK -----END PGP SIGNATURE-----