[Technik] [SECURITY] [DSA 1450-1] New util-linux packages fix programming error
Noèl Köthe
noel at debian.org
Fri Jan 11 20:10:38 CET 2008
Am Samstag, den 05.01.2008, 15:10 +0000 schrieb Steve Kemp:
> Debian Security Advisory DSA-1450-1 security at debian.org
> http://www.debian.org/security/ Steve Kemp
> January 05, 2008 http://www.debian.org/security/faq
>
> Package : util-linux
> Vulnerability : programming error
> Problem type : local
> Debian-specific: no
> CVE Id(s) : CVE-2007-5191
> Debian Bug : XXX
util-linux auf allen unseren Rechnern (wir setzten ausschliesslich
Debian GNU/Linux etch und sarge ein) aktualisiert.
> For the stable distribution (etch), this problem has been fixed in version
> 2.12r-19etch1.
changelog:
util-linux (2.12r-19etch1) stable-security; urgency=high
* Non-maintainer upload by the security team
* Fix privilege escalation by calling setuid() and setgid() in the
wrong order and not checking the return values in mount and umount
Fixes: CVE-2007-5191
-- Steffen Joeris <white at debian.org> Sat, 22 Dec 2007 13:42:01 +0000
> For the old stable distribution (sarge), this problem has been fixed in
> version 2.12p-4sarge2.
changelog:
util-linux (2.12p-4sarge2) oldstable-security; urgency=high
* Non-maintainer upload by the security team
* Fix privilege escalation by calling setuid() and setgid() in the
wrong order and not checking the return values in mount and umount
Fixes: CVE-2007-5191
-- Steffen Joeris <white at debian.org> Sat, 22 Dec 2007 13:29:41 +0000
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20080111/274f3f3b/attachment.pgp
More information about the Technik
mailing list