On Tue, May 14, 2013 at 09:36:12AM -0700, John Andreasson wrote:
Hi.
Was just alerted of a kernel bug in RHEL [1], but when testing the sample
code on Wheezy as an unprivileged user it successfully gives me a root
prompt. Kind of suboptimal. :-(
Any idea when this is fixed?
We're
On Thu, May 10, 2012 at 03:39:58AM -0700, Mark Rushing wrote:
This mistake made it onto a few machines here before I noticed and
came to check... it's an okay update to have installed, in the
meantime though, yes? I mean, it's not some untested
work-in-progress that slipped in... that I
On Thu, May 10, 2012 at 04:46:25PM +0100, Pedro Mendes Jorge wrote:
On 05/10/2012 02:47 PM, dann frazier wrote:
On Thu, May 10, 2012 at 03:39:58AM -0700, Mark Rushing wrote:
This mistake made it onto a few machines here before I noticed and
came to check... it's an okay update to have
On Wed, Feb 01, 2012 at 02:32:19PM +, Ben Hutchings wrote:
On Wed, 2012-02-01 at 10:51 +0100, Yves-Alexis Perez wrote:
On mer., 2012-02-01 at 10:34 +0100, Wouter Verhelst wrote:
On Wed, Feb 01, 2012 at 10:24:40AM +0100, Yves-Alexis Perez wrote:
On mar., 2012-01-31 at 11:01 -0500,
On Sat, Jun 18, 2011 at 11:28:25PM -0400, Eric d'Halibut wrote:
Hi Dann,
PMFJI...
On 6/18/11, dann frazier da...@debian.org wrote:
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update
On Wed, Feb 16, 2011 at 07:59:16AM -0200, Henrique de Moraes Holschuh wrote:
On Wed, 16 Feb 2011, Pascal Hambourg wrote:
Johan Grönqvist a écrit :
2011-02-15 22:46, Kelly Dean skrev:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2943 was
published Sept 30, 2010, and says
Dan and others have been finding several issues like this
lately. Debian is tracking them and we will include fixes in a future
kernel update. As this class of issue is relatively minor and
frequent, we don't push out a kernel update immediately each time
one pops up. Rather, we queue them until
--
dann frazier
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100311231422.gd22...@lackof.org
On Wed, Mar 10, 2010 at 02:18:38PM -0500, Daniel Kahn Gillmor wrote:
Hi Debian Security folks--
On 03/10/2010 01:18 PM, dann frazier wrote:
Debian Security Advisory DSA-2010 secur...@debian.org
http
On Wed, Mar 10, 2010 at 04:09:48PM -0500, Daniel Kahn Gillmor wrote:
On 03/10/2010 02:49 PM, dann frazier wrote:
On Wed, Mar 10, 2010 at 02:18:38PM -0500, Daniel Kahn Gillmor wrote:
It's not clear to me from the instructions above whether users should
re-build their kvm modules package
commands as root after the new packages are
installed:
# m-a a-i kvm-source
# modprobe kvm
If kvm is running, the above commands will succeed w/o error - but
still leave you with a vulnerable system.
You would need to shutdown all users of kvm and unload the existing
module as well.
--
dann
On Sun, Feb 28, 2010 at 08:53:30PM -0700, dann frazier wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA-2004-1 secur...@debian.org
http://www.debian.org/security
it up here:
http://svn.debian.org/wsvn/kernel-sec
--
dann frazier
need to create it.
You can view the current value in /proc:
# cat /proc/sys/vm/mmap_min_addr
What is the right way to proceed? Should I be looking at upgrading my servers?
Thanks!
John
--
dann frazier
.
--
dann frazier
.
--
dann frazier
for lenny (not sure
where your 2.6.22 version came from, but i would recommend installing
an official kernel package instead of that one; otherwise you have no
security support at all).
mike
--
dann frazier
is
the 2.6.24 fix listed but 2.6.18 is not? Is 2.6.24 considered as the
'default' etch kernel?
2.6.18 and 2.6.24 are equally supported for etch.
--
dann frazier
On Mon, Aug 17, 2009 at 02:20:24PM +, Harald Weidner wrote:
Hello,
dann frazier da...@dannf.org:
The previous fix was for lenny's 2.6.26 kernel. This fix is for etch's
2.6.24 kernel.
Will there also be a fix for etch's 2.6.18 kernel?
http://lists.debian.org/debian-security-announce
/msg00096.html ?
I haven't personally looked at this, though personally I think a more
structured DTD would be cool. fyi, you might want to cc
t...@security.debian.org when you are directing mail to the
security team.
On Sun, Aug 16, 2009 at 02:52:35PM -0600, dann frazier wrote
was for lenny's 2.6.26 kernel. This fix is for etch's
2.6.24 kernel.
--
dann frazier
-list please) about which flavor you are
testing. Thanks!
--
dann frazier
lenny-proposed-security-updates main
If you are interested in participating, please upgrade your system and
send me an e-mail (off-list please) about which flavor you are
testing. Thanks!
--
dann frazier
On Fri, Dec 12, 2008 at 08:53:43AM +, Marcin Owsiany wrote:
On Thu, Dec 11, 2008 at 12:11:05PM -0700, dann frazier wrote:
On Thu, Dec 11, 2008 at 06:49:59PM +, Dominic Hargreaves wrote:
On Thu, Dec 11, 2008 at 11:38:28AM -0700, dann frazier wrote:
Yes - 2.6.18 is in stable
On Thu, Dec 11, 2008 at 06:49:59PM +, Dominic Hargreaves wrote:
On Thu, Dec 11, 2008 at 11:38:28AM -0700, dann frazier wrote:
Yes - 2.6.18 is in stable, and as such will be security supported for
at least another year. Minor/local DoS security issues in the kernel
are very frequent, so
On Thu, Dec 11, 2008 at 05:06:52PM +, Dominic Hargreaves wrote:
On Thu, Dec 04, 2008 at 10:59:11AM -0700, dann frazier wrote:
Package: linux-2.6.24
Vulnerability : denial of service/privilege escalation
Problem type : local/remote
Debian-specific: no
CVE Id(s
the status of individual issues by CVE name here:
http://security-tracker.debian.net/tracker/
--
dann frazier
will update the internal database apt-get upgrade
will install corrected packages
It's correct in the archives - maybe an issue on your end?
http://lists.debian.org/debian-security-announce/2008/msg00245.html
--
dann frazier
concern, Max.
I will wait for a response from security or release team before working
more on this.
Jonas,
Your patch (w/o the firewire changes, as Maks points out), looks
good to me. Please go ahead and upload to stable.
--
dann frazier
x86_64
Is it something I am not doing right?
Are you sure you're running a debian-provided kernel?
I'd expect to see something like 2.6.18-6-xen-amd64 in the uname.
--
dann frazier
-3915 was added between 2.6.18 and
2.6.19. Fixes for CVE-2008-3276 and CVE-2007-6716 are pending for the
next 2.6.18 update.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3915
Simon Valiquette
--
dann frazier
binary modules. It is true that sarge is no longer security
supported, but since this was a regression caused by a security update
we went ahead and released the fix.
--
dann frazier
/attachment.cgi?id=294062
--
dann frazier
On Mon, May 12, 2008 at 11:52:27PM +0100, Dominic Hargreaves wrote:
On Mon, May 12, 2008 at 03:13:14PM -0600, dann frazier wrote:
Vulnerability : denial of service
CVE-2008-1669
Alexander Viro discovered a race condition in the fcntl code that
may permit local users
as a security update, and we're not going to get the security
team to release a security update for a non-security issue.
--
dann frazier
to be proud
that our N isn't as long as someone else's N, but we can certainly be
proud to have honored the commitment we made to our users.
Using # of years of support as a measurement of goodness is as silly
as using # of advisories as a measurement of an OS's secureness.
--
dann frazier
even filesystem corruption at least with ext2 filesystem.
Thanks for the report. There will be another update soon to fix this
issue.
--
dann frazier
to the stable
upgrade.
The last DSA included one that should work (6etch3) - it was released
via security and is pending in proposed-updates.
--
dann frazier
://security-tracker.debian.net/tracker/CVE-2008-0001
It is pending the next kernel update, as you can see here:
http://people.debian.org/~dannf/kernel-sec-status.html
--
dann frazier
) or
2.6.18.dfsg.1-13etch6 (DSA 1436) have been merged.
Is this an omission in the changelog, or should one expect a new DSA soon?
The changelog entries for 13etch5 and 13etch6 are included in the -17
changelog, there just isn't an explicit separate note about the merge.
--
dann frazier
On Mon, Dec 10, 2007 at 10:51:52PM -0700, dann frazier wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1428-1 [EMAIL PROTECTED]
http://www.debian.org/security
On Wed, Oct 10, 2007 at 09:15:42AM -0700, Mike Bird wrote:
On Tuesday 02 October 2007 19:07, dann frazier wrote:
At the time of this DSA, only the build for the amd64 architecture is
available. Due to the severity of the amd64-specific issues, we are
releasing an incomplete update
the debian-user list or VMware, Inc.
--
dann frazier
?
Wouldn't a better option be to teach fail2ban how to parse the last
message repeated.. messages?
--
dann frazier
On Thu, Aug 16, 2007 at 09:44:12AM +0200, Bjørn Mork wrote:
dann frazier [EMAIL PROTECTED] writes:
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
On Thu, Aug 16, 2007 at 09:34:58AM +0100, Dominic Hargreaves wrote:
On Thu, Aug 16, 2007 at 09:44:12AM +0200, Bjørn Mork wrote:
dann frazier [EMAIL PROTECTED] writes:
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
change was introduced by the security update I'd agree -
but technically it was introduced by 4.0r1 (which includes rebuilds of
the various linux-modules- packages). The ABI change is noted in the
4.0r1 announcement.
--
dann frazier
://security.debian.org/ sarge/updates main
Any ideas why?
Looks fine to me, what problem are you seeing?
Are you sure you have the proper meta packages installed to deal with
ABI changing updates (e.g., kernel-image-2.6-686)?
--
dann frazier
-O - \
http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages.gz \
2>/dev/null | gunzip | grep kernel-image-2.6-386
Package: kernel-image-2.6-386
Filename:
pool/updates/main/k/kernel-latest-2.6-i386/kernel-image-2.6-386_101sarge2_i386.deb
seems fine to me...
--
dann frazier
On Fri, Jun 15, 2007 at 07:16:00PM +0200, Willi Mann wrote:
However, the advisory is still missing.
Yes, so are 3 archs - we're working on it :)
If you're curious, you can see the draft dsa text here:
svn cat svn://svn.debian.org/svn/kernel-sec/dsa-texts/2.6.8-sarge7
--
dann frazier
by hand, and of course they are free to do so.
But, imo, Debian should document a single recommended procedure - and
direct execution of dpkg isn't something I'd recommend.
--
dann frazier
for all of these issues.
--
dann frazier
for your reply. Once this is accepted upstream, I think it is
reasonable to do another sarge update to restore this functionality.
--
dann frazier
/git/torvalds/linux-2.6.git;a=commitdiff;h=00a2b0f6dd2372842df73de72d51621b539fea44
--
dann frazier
the idiot-proof factor. Yes, they can ignore the
popups, but they come so quickly that even the most stubborn user will
get sick of them and reboot. I'd hate it if I was a Windows user,
though, I'm sure!
Would this help?
http://lists.debian.org/debian-devel/2006/08/msg00629.html
--
dann
Size/MD5 checksum: 528482 674bc0f5a55b5a9c089776946881912e
--
dann frazier
. But to reiterate, if
something in a kernel update causes the patch to no longer apply, I
would want to have a reliable contact (hopefully 2 people) whom we can
call upon for assistance.
--
dann frazier
merged upstream in
2.6.
--
dann frazier
On Mon, Jul 17, 2006 at 06:13:28PM +0200, Moritz Muehlenhoff wrote:
There hasn't been an ABI change this time, so this wasn't necessary.
Explained here:
http://wiki.debian.org/DebianKernelABIChanges
--
dann frazier
this in the kernel DSAs; I'll try to correct this
next time.
--
dann frazier
On Sun, May 21, 2006 at 01:55:27PM +0900, Seiji Kaneko wrote:
Please re-issue this DSA. It is just broken.
How so?
--
dann frazier
be anything beyond this update.
--
dann frazier
to mitre's attention.
And is there any public status / shape information on the debian kernels?
For issue-by-issue status, see svn://svn.debian.org/svn/kernel/patch-tracking
--
dann frazier
On Fri, Mar 24, 2006 at 09:29:01AM -0500, Deepak Goel wrote:
(sarge)
Is the k7 package incorrectly uploaded by any chance?
The Packages file looks fine to me..
Do you have kernel-image-2.6-k7 installed? The updated version
of this package should pull in the kernel-image-2.6.8-3-k7 update.
On Fri, Mar 24, 2006 at 10:00:11AM -0500, Kevin B. McCarty wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
For those running a Sparc with 2.4 kernel, it doesn't look like the
metapackages kernel-image-2.4-sparc{32,64}{,-smp} have been updated
correctly for Sarge -- they still depend
On Tue, 2005-12-20 at 00:07 +0100, Johann Glaser wrote:
Hi!
Am Mittwoch, den 14.12.2005, 23:34 +0100 schrieb Martin Schulze:
[...]
Debian Security Advisory DSA 922-1 [EMAIL PROTECTED]
[...]
CVE IDs: CVE-2004-2302 CVE-2005-0756 CVE-2005-0757 CVE-2005-1265
On Wed, 2005-09-07 at 10:07 -0700, peace bwitchu wrote:
Are the kernel packages in Sarge currently supported
by the security team? I know that support for the
kernel packages in Woody were dropped and you needed
to roll your own for security updates. Is this how it
is going to be in Sarge