r1006 - html/trunk/lfs/errata/6.4

bdubbs Sun, 26 Apr 2009 15:15:46 -0700

Author: bdubbs
Date: 2009-04-26 15:51:39 -0600 (Sun, 26 Apr 2009)
New Revision: 1006


Modified:
   html/trunk/lfs/errata/6.4/index.html
Log:
Add udev security patch to errata

Modified: html/trunk/lfs/errata/6.4/index.html
===================================================================
--- html/trunk/lfs/errata/6.4/index.html        2009-04-20 19:36:04 UTC (rev 
1005)
+++ html/trunk/lfs/errata/6.4/index.html        2009-04-26 21:51:39 UTC (rev 
1006)
@@ -24,6 +24,19 @@
 
          <!-- <li>There are no current errata items for LFS 6.4.</li> -->
 
+           <li><b>SECURITY UPDATE.</b> 
+           Two vulnerabilities in udev-130 have recently come to light, 
labelled
+           as CVE-2009-118{5,6}.  The first applies to ALL previous versions of
+           udev, and allows a local user to gain root privileges by passing
+           unicast messages to udev.  The second only applies to more-recent
+           versions of udev, and is a potential denial of service from a buffer
+           overflow.  The patch for udev-130 is found at:
+
+           <a 
href="http://www.linuxfromscratch.org/patches/downloads/udev/udev-130-security_fixes-1.patch";>http://www.linuxfromscratch.org/patches/downloads/udev/udev-130-security_fixes-1.patch</a>
+
+           </li>
+
+
            <li>
          
              <p>In section 3.2, All Packages, the location of the Glibc 
snapshot

-- 
http://linuxfromscratch.org/mailman/listinfo/website
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page

r1006 - html/trunk/lfs/errata/6.4

Reply via email to