GnuPG 1.4.10 RC1 available from Debian Experimental
Hi,

The recent release candidate 1 for GnuPG 1.4.10 has been packaged and uploaded to Debian's experimental distribution, in order to facilitate testing. If you wish, please try it out and of course report bugs found. All cautions around release candidates and the experimental distribution of course apply.

See: http://packages.debian.org/experimental/gnupg

cheers,
Thijs
Re: GnuPG 1.4.10 RC1 available from Debian Experimental
Forwarding to debian-devel too.

> Hi,
>
> The recent release candidate 1 for GnuPG 1.4.10 has been packaged and uploaded to Debian's experimental distribution, in order to facilitate testing. If you wish, please try it out and of course report bugs found. All cautions around release candidates and the experimental distribution of course apply.
>
> See: http://packages.debian.org/experimental/gnupg

With this (pre-)release, almost all patches applied to the Debian package have been integrated upstream and a *lot* of bugs and issues have been fixed (closing 25 Debian/Ubuntu bug reports). This release further comes with hkps support (HKP over SSL) [1,2].

So please help testing [3] the upcoming GnuPG 1.4.10 release and send us a report, if you observe issues.

[1] http://lists.gnupg.org/pipermail/gnupg-devel/2009-August/025289.html
[2] http://bugs.debian.org/519333
[3] https://bugs.g10code.com/gnupg/issue931 (for example)

Regards,
Daniel
Re: [SECURITY] [DSA 1864-1] New Linux 2.6.24 packages fix privilege escalation
Good afternoon.

I think this is the same bug as the other day; the ID is the same, of that I am sure.

CVE Id(s) : CVE-2009-2692

Even so, tomorrow I will check whether there is a new kernel or not.

Regards

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Debian Security Advisory DSA-1864-1                secur...@debian.org
> http://www.debian.org/security/                           Dann Frazier
> Aug 16, 2009                        http://www.debian.org/security/faq
>
> Package        : linux-2.6.24
> Vulnerability  : privilege escalation
> Problem type   : local
> Debian-specific: no
> CVE Id(s)      : CVE-2009-2692
>
> A vulnerability has been discovered in the Linux kernel that may lead to privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problem:
>
> CVE-2009-2692
>
>     Tavis Ormandy and Julien Tinnes discovered an issue with how the sendpage function is initialized in the proto_ops structure. Local users can exploit this vulnerability to gain elevated privileges.
>
> For the oldstable distribution (etch), this problem has been fixed in version 2.6.24-6~etchnhalf.8etch3.
>
> We recommend that you upgrade your linux-2.6.24 packages.
>
> Note: Debian 'etch' includes linux kernel packages based upon both the 2.6.18 and 2.6.24 linux releases. All known security issues are carefully tracked against both packages and both packages will receive security updates until security support for Debian 'etch' concludes. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, lower severity 2.6.18 and 2.6.24 updates will typically release in a staggered or leap-frog fashion.
>
> Upgrade instructions
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the footer to the proper configuration.
> Debian GNU/Linux 4.0 alias etch
>
> Oldstable updates are available for alpha, amd64, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. The arm update will be released once the build becomes available.
Re: [SECURITY] [DSA 1864-1] New Linux 2.6.24 packages fix privilege escalation
On Sun, Aug 16, 2009 at 07:00:59PM +0200, marodrig...@grupogdt.com wrote:
> Good afternoon.
>
> I think this is the same bug as the other day; the ID is the same, of that I am sure.
>
> CVE Id(s) : CVE-2009-2692
>
> Even so, tomorrow I will check whether there is a new kernel or not.
>
> Regards

The previous fix was for lenny's 2.6.26 kernel. This fix is for etch's 2.6.24 kernel.

--
dann frazier
Syntax for DSA (was: [SECURITY] [DSA 1865-1] New Linux 2.6.18)
Dear security team,

From one DSA to another, the syntax changes a bit, and it makes the current import script not happy, and same with me :-)

BTW, did you have a look at http://lists.debian.org/debian-security/2009/07/msg00096.html ?

On Sun, Aug 16, 2009 at 02:52:35PM -0600, dann frazier wrote:
> Debian Security Advisory DSA-1865-1                secur...@debian.org
                                   ^^ Sometimes, -1 is omitted (yes we may consider omitted as -1 by default if you want to)

> Aug 16, 2009                        http://www.debian.org/security/faq
  ^^ August is expected here (full month name).

> Package: linux-2.6
> [..]
> Upgrade instructions
> [..]
> The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:
>
>                     Debian 4.0 (etch)
>     fai-kernels     1.17+etch.24etch3
>     user-mode-linux 2.6.18-1um-2etch.24etch3
>
> You may use an automated update by adding the resources from the footer to the proper configuration.

Please put this notice before the paragraph about upgrade instructions if you want to be available on the web page. Or tell the exact syntax to use so that we can extract it from the upgrade paragraph.

> Debian GNU/Linux 4.0 alias etch
>
> Oldstable updates are available for alpha, amd64, hppa, i386, ia64, mipsel, powerpc, s390 and sparc. Updates for arm and mips will be released as they become available.

Please put this notice before the paragraph about upgrade instructions if you want to be available on the web page.

> Source archives:
> [..]
> These changes will probably be included in the oldstable distribution on its next update.

Same remark here.

--
Simon Paillard
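Added example, not part of the thread and not Debian's import script: a header parser that tolerates the two variations raised in the message above, an omitted `-1` revision and an abbreviated month name. The function names and sample text are constructed for illustration, and the ordinal-suffix handling is an assumption.

```python
import re
from datetime import date

MONTH_NAMES = ["january", "february", "march", "april", "may", "june", "july",
               "august", "september", "october", "november", "december"]

# "DSA-1865-1" or "DSA-1865": the revision suffix is optional.
DSA_ID = re.compile(r"\bDSA[- ](\d+)(?:-(\d+))?")
# "Aug 16, 2009" or "August 16, 2009"; an ordinal suffix on the day is
# tolerated as an assumption about other advisories.
DSA_DATE = re.compile(r"\b([A-Za-z]{3,9})\.?\s+(\d{1,2})(?:st|nd|rd|th)?,\s*(\d{4})")
PACKAGE = re.compile(r"^Package\s*:\s*(\S+)", re.MULTILINE)

# Constructed samples, based on the header lines quoted in the message above.
SAMPLE_ABBREV = """\
Debian Security Advisory DSA-1865-1                secur...@debian.org
Aug 16, 2009                        http://www.debian.org/security/faq

Package        : linux-2.6
"""
SAMPLE_FULL = SAMPLE_ABBREV.replace("DSA-1865-1", "DSA-1865  ").replace(
    "Aug 16, 2009", "August 16, 2009")


def month_number(token):
    """Map a month name, or a prefix of at least 3 letters, to 1..12."""
    token = token.lower()
    for number, name in enumerate(MONTH_NAMES, start=1):
        if len(token) >= 3 and name.startswith(token):
            return number
    return None


def parse_dsa_header(text):
    """Return (number, revision, issue date, package) for one advisory."""
    m_id = DSA_ID.search(text)
    if m_id is None:
        raise ValueError("no DSA identifier found")
    revision = int(m_id.group(2) or 1)  # omitted revision is treated as 1
    for m in DSA_DATE.finditer(text):
        month = month_number(m.group(1))
        if month is not None:  # skip word+number pairs that are not dates
            issued = date(int(m.group(3)), month, int(m.group(2)))
            break
    else:
        raise ValueError("no parsable date found")
    m_pkg = PACKAGE.search(text)
    package = m_pkg.group(1) if m_pkg else None
    return int(m_id.group(1)), revision, issued, package
```

Both sample headers normalise to the same tuple, so an importer built this way does not depend on which variant a given advisory uses.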