Your message dated Thu, 24 May 2007 21:16:51 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#418076: fixed in linux-2.6 2.6.18.dfsg.1-13
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: linux-2.6
Version: 2.6.18.dfsg.1-12
Severity: important
Tags: patch
The VXC_BINARY_MOUNT capability should be sufficient to mount network
filesystems, but its not. Due to this bug, users currently must grant a
vserver SYS_ADMIN capabilities in order to mount network filesystems.
Though this works, SYS_ADMIN also gives the vserver a hell of a lot of
other privileges as well (turn swap off & on, configure md, access to
nvram, etc). See http://linux-vserver.org/Capabilities_and_Flags for the
full list.
This patch from upstream fixes the issue.
diff -NurpP --minimal linux-2.6.18.5-vs2.0.2.2-rc9/fs/super.c
linux-2.6.18.5-vs2.0.3-rc1/fs/super.c
--- linux-2.6.18.5-vs2.0.2.2-rc9/fs/super.c 2006-09-20 17:59:47 +0200
+++ linux-2.6.18.5-vs2.0.3-rc1/fs/super.c 2006-12-13 23:06:16 +0100
@@ -848,7 +848,7 @@ vfs_kern_mount(struct file_system_type *
sb = mnt->mnt_sb;
error = -EPERM;
- if (!capable(CAP_SYS_ADMIN) && !sb->s_bdev &&
+ if (!vx_capable(CAP_SYS_ADMIN, VXC_BINARY_MOUNT) && !sb->s_bdev &&
(sb->s_magic != PROC_SUPER_MAGIC) &&
(sb->s_magic != DEVPTS_SUPER_MAGIC))
goto out_sb;
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: ia64
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-itanium
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
--- End Message ---
--- Begin Message ---
Source: linux-2.6
Source-Version: 2.6.18.dfsg.1-13
We believe that the bug you reported is fixed in the latest version of
linux-2.6, which is due to be installed in the Debian FTP archive:
linux-2.6_2.6.18.dfsg.1-13.diff.gz
to pool/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13.diff.gz
linux-2.6_2.6.18.dfsg.1-13.dsc
to pool/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13.dsc
linux-doc-2.6.18_2.6.18.dfsg.1-13_all.deb
to pool/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-13_all.deb
linux-headers-2.6.18-5-all-sparc_2.6.18.dfsg.1-13_sparc.deb
to
pool/main/l/linux-2.6/linux-headers-2.6.18-5-all-sparc_2.6.18.dfsg.1-13_sparc.deb
linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13_sparc.deb
to pool/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13_sparc.deb
linux-headers-2.6.18-5-sparc32_2.6.18.dfsg.1-13_sparc.deb
to
pool/main/l/linux-2.6/linux-headers-2.6.18-5-sparc32_2.6.18.dfsg.1-13_sparc.deb
linux-headers-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13_sparc.deb
to
pool/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13_sparc.deb
linux-headers-2.6.18-5-sparc64_2.6.18.dfsg.1-13_sparc.deb
to
pool/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64_2.6.18.dfsg.1-13_sparc.deb
linux-headers-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13_sparc.deb
to
pool/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13_sparc.deb
linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13_sparc.deb
to
pool/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13_sparc.deb
linux-headers-2.6.18-5_2.6.18.dfsg.1-13_sparc.deb
to pool/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13_sparc.deb
linux-image-2.6.18-5-sparc32_2.6.18.dfsg.1-13_sparc.deb
to
pool/main/l/linux-2.6/linux-image-2.6.18-5-sparc32_2.6.18.dfsg.1-13_sparc.deb
linux-image-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13_sparc.deb
to
pool/main/l/linux-2.6/linux-image-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13_sparc.deb
linux-image-2.6.18-5-sparc64_2.6.18.dfsg.1-13_sparc.deb
to
pool/main/l/linux-2.6/linux-image-2.6.18-5-sparc64_2.6.18.dfsg.1-13_sparc.deb
linux-image-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13_sparc.deb
to
pool/main/l/linux-2.6/linux-image-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13_sparc.deb
linux-manual-2.6.18_2.6.18.dfsg.1-13_all.deb
to pool/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-13_all.deb
linux-patch-debian-2.6.18_2.6.18.dfsg.1-13_all.deb
to pool/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-13_all.deb
linux-source-2.6.18_2.6.18.dfsg.1-13_all.deb
to pool/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-13_all.deb
linux-support-2.6.18-5_2.6.18.dfsg.1-13_all.deb
to pool/main/l/linux-2.6/linux-support-2.6.18-5_2.6.18.dfsg.1-13_all.deb
linux-tree-2.6.18_2.6.18.dfsg.1-13_all.deb
to pool/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-13_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
dann frazier <[EMAIL PROTECTED]> (supplier of updated linux-2.6 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 21 May 2007 14:45:13 -0600
Source: linux-2.6
Binary: linux-image-2.6.18-5-s3c2410 linux-headers-2.6.18-5-all-s390
linux-headers-2.6.18-5-all-m68k linux-headers-2.6.18-5-xen-amd64
linux-image-2.6.18-5-iop32x linux-headers-2.6.18-5-all-alpha
linux-image-2.6.18-5-r5k-cobalt linux-image-2.6.18-5-r5k-ip32
linux-headers-2.6.18-5-vserver-686 linux-headers-2.6.18-5-xen-vserver
xen-linux-system-2.6.18-5-xen-686 linux-image-2.6.18-5-xen-amd64
linux-image-2.6.18-5-powerpc xen-linux-system-2.6.18-5-xen-vserver-686
linux-image-2.6.18-5-atari linux-headers-2.6.18-5-r3k-kn02
linux-headers-2.6.18-5-xen-vserver-amd64 linux-image-2.6.18-5-xen-vserver-686
linux-image-2.6.18-5-rpc linux-image-2.6.18-5-xen-686
linux-headers-2.6.18-5-vserver-s390x linux-image-2.6.18-5-parisc64-smp
linux-headers-2.6.18-5-parisc64 linux-image-2.6.18-5-r4k-ip22
linux-headers-2.6.18-5 linux-headers-2.6.18-5-r5k-ip32
linux-headers-2.6.18-5-r5k-cobalt linux-headers-2.6.18-5-all-mipsel
linux-headers-2.6.18-5-486 linux-headers-2.6.18-5-footbridge
linux-image-2.6.18-5-vserver-powerpc64 linux-manual-2.6.18
linux-image-2.6.18-5-xen-vserver-amd64 linux-image-2.6.18-5-vserver-sparc64
linux-headers-2.6.18-5-vserver-k7 linux-headers-2.6.18-5-mckinley
linux-headers-2.6.18-5-alpha-legacy linux-image-2.6.18-5-parisc-smp
linux-headers-2.6.18-5-vserver linux-headers-2.6.18-5-xen
linux-headers-2.6.18-5-rpc linux-modules-2.6.18-5-xen-686
linux-headers-2.6.18-5-k7 linux-image-2.6.18-5-r3k-kn02
linux-headers-2.6.18-5-qemu linux-headers-2.6.18-5-vserver-powerpc
linux-headers-2.6.18-5-all-sparc linux-headers-2.6.18-5-alpha-smp
linux-image-2.6.18-5-vserver-s390x linux-image-2.6.18-5-vserver-alpha
linux-image-2.6.18-5-vserver-amd64 linux-headers-2.6.18-5-all-powerpc
linux-headers-2.6.18-5-iop32x linux-image-2.6.18-5-footbridge
linux-image-2.6.18-5-prep linux-headers-2.6.18-5-all-amd64
linux-image-2.6.18-5-powerpc64 linux-image-2.6.18-5-sb1a-bcm91480b
linux-image-2.6.18-5-powerpc-smp linux-headers-2.6.18-5-all-arm
linux-headers-2.6.18-5-itanium linux-headers-2.6.18-5-amd64
linux-image-2.6.18-5-powerpc-miboot xen-linux-system-2.6.18-5-xen-vserver-amd64
linux-headers-2.6.18-5-686-bigmem linux-headers-2.6.18-5-prep
linux-headers-2.6.18-5-parisc-smp linux-headers-2.6.18-5-powerpc-miboot
linux-headers-2.6.18-5-powerpc64 linux-image-2.6.18-5-vserver-k7
linux-headers-2.6.18-5-vserver-powerpc64 linux-image-2.6.18-5-alpha-smp
linux-image-2.6.18-5-486 linux-headers-2.6.18-5-s390x
linux-image-2.6.18-5-itanium linux-image-2.6.18-5-686-bigmem
linux-headers-2.6.18-5-s390 linux-headers-2.6.18-5-mac
linux-headers-2.6.18-5-xen-vserver-686 linux-doc-2.6.18
linux-headers-2.6.18-5-sparc64 linux-image-2.6.18-5-parisc64
linux-headers-2.6.18-5-all-i386 linux-headers-2.6.18-5-powerpc-smp
linux-image-2.6.18-5-s390 linux-image-2.6.18-5-s390-tape
linux-image-2.6.18-5-vserver-powerpc linux-headers-2.6.18-5-parisc
linux-headers-2.6.18-5-xen-686 linux-headers-2.6.18-5-sparc64-smp
linux-headers-2.6.18-5-686 linux-source-2.6.18
linux-headers-2.6.18-5-vserver-alpha linux-image-2.6.18-5-alpha-legacy
linux-headers-2.6.18-5-sb1-bcm91250a linux-headers-2.6.18-5-ixp4xx
linux-image-2.6.18-5-amiga linux-image-2.6.18-5-alpha-generic
linux-modules-2.6.18-5-xen-vserver-686 linux-modules-2.6.18-5-xen-vserver-amd64
linux-image-2.6.18-5-r4k-kn04 linux-image-2.6.18-5-amd64
linux-headers-2.6.18-5-parisc64-smp linux-headers-2.6.18-5-powerpc
linux-image-2.6.18-5-ixp4xx linux-image-2.6.18-5-parisc linux-support-2.6.18-5
linux-image-2.6.18-5-sparc64 linux-image-2.6.18-5-mac
linux-headers-2.6.18-5-sparc32 linux-image-2.6.18-5-sparc64-smp
linux-image-2.6.18-5-686 linux-headers-2.6.18-5-alpha-generic
linux-headers-2.6.18-5-sb1a-bcm91480b linux-image-2.6.18-5-sb1-bcm91250a
linux-headers-2.6.18-5-r4k-ip22 linux-image-2.6.18-5-s390x
linux-patch-debian-2.6.18 xen-linux-system-2.6.18-5-xen-amd64
linux-headers-2.6.18-5-all-ia64 linux-headers-2.6.18-5-vserver-amd64
linux-headers-2.6.18-5-atari linux-image-2.6.18-5-vserver-686 linux-tree-2.6.18
linux-headers-2.6.18-5-amiga linux-image-2.6.18-5-sparc32
linux-headers-2.6.18-5-all-hppa linux-headers-2.6.18-5-s3c2410
linux-image-2.6.18-5-qemu linux-headers-2.6.18-5-r4k-kn04
linux-image-2.6.18-5-k7 linux-image-2.6.18-5-mckinley
linux-headers-2.6.18-5-all linux-headers-2.6.18-5-all-mips
linux-headers-2.6.18-5-vserver-sparc64 linux-modules-2.6.18-5-xen-amd64
Architecture: source sparc all
Version: 2.6.18.dfsg.1-13
Distribution: stable
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: dann frazier <[EMAIL PROTECTED]>
Description:
linux-doc-2.6.18 - Linux kernel specific documentation for version 2.6.18
linux-headers-2.6.18-5 - Common header files for Linux 2.6.18
linux-headers-2.6.18-5-all - All header files for Linux 2.6.18
linux-headers-2.6.18-5-all-sparc - All header files for Linux 2.6.18
linux-headers-2.6.18-5-sparc32 - Header files for Linux 2.6.18 on uniprocessor
sparc32 (sun4m)
linux-headers-2.6.18-5-sparc64 - Header files for Linux 2.6.18 on uniprocessor
64-bit UltraSPARC
linux-headers-2.6.18-5-sparc64-smp - Header files for Linux 2.6.18 on
multiprocessor 64-bit UltraSPARC
linux-headers-2.6.18-5-vserver - Common header files for Linux 2.6.18
linux-headers-2.6.18-5-vserver-sparc64 - Header files for Linux 2.6.18 on
uniprocessor 64-bit UltraSPARC
linux-image-2.6.18-5-sparc32 - Linux 2.6.18 image on uniprocessor sparc32
(sun4m)
linux-image-2.6.18-5-sparc64 - Linux 2.6.18 image on uniprocessor 64-bit
UltraSPARC
linux-image-2.6.18-5-sparc64-smp - Linux 2.6.18 image on multiprocessor 64-bit
UltraSPARC
linux-image-2.6.18-5-vserver-sparc64 - Linux 2.6.18 image on uniprocessor
64-bit UltraSPARC
linux-manual-2.6.18 - Linux kernel API manual pages for version 2.6.18
linux-patch-debian-2.6.18 - Debian patches to version 2.6.18 of the Linux
kernel
linux-source-2.6.18 - Linux kernel source for version 2.6.18 with Debian
patches
linux-support-2.6.18-5 - Support files for Linux 2.6.18
linux-tree-2.6.18 - Linux kernel source tree for building Debian kernel images
Closes: 404148 406111 412092 412132 412957 417629 417631 418076 418344 421281
421283
Changes:
linux-2.6 (2.6.18.dfsg.1-13) stable; urgency=high
.
[ Bastian Blank ]
* [vserver] Fix overflow in network accounting. (closes: #412132)
* [vserver] Fix lock accounting. (closes: #417631)
* Bump ABI to 5.
* Make modules packages binnmuable.
* [sparc] Enable Qlogic QLA SCSI support. (closes: #417629)
.
[ dann frazier ]
* bugfix/listxattr-mem-corruption.patch
[SECURITY] Fix userspace corruption vulnerability caused by
incorrectly promoted return values in bad_inode_ops
This patch changes the kernel ABI.
See CVE-2006-5753
* bugfix/all/vserver/net-mount-fix.patch
Fix mounting of network filesystems with VX_BINARY_MOUNT caps
(closes: #418076)
* Disable broken CONFIG_IP_ROUTE_MULTIPATH_CACHED setting. (closes: #418344)
* bugfix/ipv6-disallow-RH0-by-default.patch
[SECURITY] Avoid a remote DoS (network amplification between two routers)
by disabling type0 IPv6 route headers by default. Can be re-enabled via
a sysctl interface. Thanks to Vlad Yasevich for porting help.
This patch changes the kernel ABI.
See CVE-2007-2242
* Fix an oops which potentially results in data corruption in the gdth
driver.
(closes: #412092)
* bugfix/amd64-make-gart-ptes-uncacheable.patch
Fix silent data corruption using GART iommu (closes: #404148)
.
[ maximilian attems ]
* Backport support for i965 to agp too. (closes: #406111)
* Compile fix for UML CONFIG_MODE_TT=y. (closes: #412957)
* Fix ide-generic jmicron device conflict. (closes: #421281)
.
[ Martin Michlmayr ]
* Fix wrong checksum for split TCP packets on 64-bit MIPS. (closes: #421283)
Files:
bace339ea7b8ed7ebabfed5461700f0f 5662 devel optional
linux-2.6_2.6.18.dfsg.1-13.dsc
f87cdba57dbd2fbbdbd2c818d8ecf0ad 5340463 devel optional
linux-2.6_2.6.18.dfsg.1-13.diff.gz
10876bd3f3217b213c5bb42384300773 3585346 doc optional
linux-doc-2.6.18_2.6.18.dfsg.1-13_all.deb
ce5c380eed7833b6adbb38da2a086b08 1077592 doc optional
linux-manual-2.6.18_2.6.18.dfsg.1-13_all.deb
ef07084ee13d812a37317bab6a52101d 1463436 devel optional
linux-patch-debian-2.6.18_2.6.18.dfsg.1-13_all.deb
af7a7c93b556879b4bb4a91045910032 41418284 devel optional
linux-source-2.6.18_2.6.18.dfsg.1-13_all.deb
4c1f3a1c6f499a0fe5ee9b23f5356239 3778070 devel optional
linux-support-2.6.18-5_2.6.18.dfsg.1-13_all.deb
40bf6574840570f5f505dabc14e3a676 50596 devel optional
linux-tree-2.6.18_2.6.18.dfsg.1-13_all.deb
21b8e6b3cef5f7251cb86f25d7729c6f 50156 devel optional
linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13_sparc.deb
1c88897eef382c74675db7a121a7a533 50178 devel optional
linux-headers-2.6.18-5-all-sparc_2.6.18.dfsg.1-13_sparc.deb
737f695dc20acb18931c56bcd36839e0 3164004 devel optional
linux-headers-2.6.18-5_2.6.18.dfsg.1-13_sparc.deb
ddb8850e99a1a82c8bce9c935dbf4052 6405780 admin optional
linux-image-2.6.18-5-sparc32_2.6.18.dfsg.1-13_sparc.deb
9463625de5329fa62b000e1d38dba5a2 161410 devel optional
linux-headers-2.6.18-5-sparc32_2.6.18.dfsg.1-13_sparc.deb
779baff1bd7871c66bbd75deb9a5a5b8 10350008 admin optional
linux-image-2.6.18-5-sparc64_2.6.18.dfsg.1-13_sparc.deb
72918c0468a4042aa9dbd23a492719f0 190640 devel optional
linux-headers-2.6.18-5-sparc64_2.6.18.dfsg.1-13_sparc.deb
d8fa404ae02cf9915d2efc5b262d11a0 10610286 admin optional
linux-image-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13_sparc.deb
a993b8698acf372781a7704101551f1c 191342 devel optional
linux-headers-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13_sparc.deb
95d8e55cc3affd99dabc5372f9498715 3186368 devel optional
linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13_sparc.deb
fc344edcbfc6cfdb3d21a15aca40abab 10656040 admin optional
linux-image-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13_sparc.deb
92926d78fa4bed7a1b4f29d504f39775 191774 devel optional
linux-headers-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13_sparc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGU6oahuANDBmkLRkRAtkTAJ9XkEkwaoVsvcB5UIqXnytJkzZsIgCdHpYV
az5T87l0ws9BGxLre1iPsck=
=7tsc
-----END PGP SIGNATURE-----
--- End Message ---
