Wrong list dude On Thu, Aug 27, 2009 at 2:11 PM, morla <[email protected]> wrote:
> dann frazier wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > - ---------------------------------------------------------------------- > > Debian Security Advisory DSA-1862-1 [email protected] > > http://www.debian.org/security/ dann frazier > > Aug 14, 2009 http://www.debian.org/security/faq > > - ---------------------------------------------------------------------- > > > > Package : linux-2.6 > > Vulnerability : privilege escalation > > Problem type : local > > Debian-specific: no > > CVE Id(s) : CVE-2009-2692 > > > > A vulnerability has been discovered in the Linux kernel that may lead > > to privilege escalation. The Common Vulnerabilities and Exposures project > > identifies the following problem: > > > > CVE-2009-2692 > > > > Tavis Ormandy and Julien Tinnes discovered an issue with how the > > sendpage function is initialized in the proto_ops structure. > > Local users can exploit this vulnerability to gain elevated > > privileges. > > > > For the stable distribution (lenny), this problem has been fixed in > > version 2.6.26-17lenny2. > > > > For the oldstable distribution (etch), this problem will be fixed in > > updates to linux-2.6 and linux-2.6.24. > > > > We recommend that you upgrade your linux-2.6 and user-mode-linux > > packages. > > > > Note: Debian carefully tracks all known security issues across every > > linux kernel package in all releases under active security support. > > However, given the high frequency at which low-severity security > > issues are discovered in the kernel and the resource requirements of > > doing an update, updates for lower priority issues will normally not > > be released for all kernels at the same time. Rather, they will be > > released in a staggered or "leap-frog" fashion. > > > > Upgrade instructions > > - -------------------- > > > > wget url > > will fetch the file for you > > dpkg -i file.deb > > will install the referenced file. > > > > If you are using the apt-get package manager, use the line for > > sources.list as given below: > > > > apt-get update > > will update the internal database > > apt-get upgrade > > will install corrected packages > > > hey, > > i think i am missing something over here.... > > i got lotza debian boxes here that run: > > $ uname -a > Linux srvdeb-1 2.6.26-1-686-bigmem #1 SMP Fri Mar 13 18:52:29 UTC 2009 > i686 GNU/Linux > > > when i > $ aptitude update ; aptitude safe-upgrade > or > $ apt-get update ; apt-get upgrade > > it tells me that im up 2 date. but in this release the bug is still > included,.,. > > > i had to install "linux-image-2.6.26-2-686-bigmem" via > $ aptitude install linux-image-2.6.26-2-686-bigmem > by hand. > > why is this? and how do i ensure that im not being fooled by aptitude or > apt? > > > regards, > > moe > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
