[Technik] [SECURITY] [DSA 1617-1] New refpolicy packages fix incompatible policy

Wed Jul 30 00:50:01 CEST 2008

Am Freitag, den 25.07.2008, 06:29 +0000 schrieb Devin Carraway:

> Debian Security Advisory DSA-1617-1                  security at debian.org
> http://www.debian.org/security/                           Devin Carraway
> July 25, 2008                         http://www.debian.org/security/faq
> 
> Package        : refpolicy
> Vulnerability  : incompatible policy
> Problem type   : local
> Debian-specific: no
> CVE Id(s)      : CVE-2008-1447
> Debian Bug     : 490271

refpolicy auf yuma, cree, yuki und wasco aktualisiert.

> For the stable distribution (etch), this problem has been fixed in
> version 0.0.20061018-5.1+etch1.  The unstable distribution (sid) is

changelog:
refpolicy (0.0.20061018-5.1+etch1) stable-security; urgency=high

  * Non-maintainer upload by the security team.
  * Allow named_t to bind to all UDP ports, not just the DNS port;
    this enables DNS port randomization, introduced by bind9
    1:9.3.4-2etch3 in response to DSA-1603-1 / CVE-2008-1447.  The
    change does not represent a vulnerability in refpolicy, rather
    a compatibility fix for an urgent and widely-deployed package.
    (Closes: #490271).
  * Upgrade the bind policy module at upgrade, if and only if the
    previously-installed refpolicy package was <= 0.0.20061018-5

 -- Devin Carraway <devin at debian.org>  Sat, 12 Jul 2008 09:33:09 +0000

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20080730/c97f6439/attachment.pgp 