Debian Bug report logs - #601747
RDS protocol vulnerability

Package: linux-2.6; Maintainer for linux-2.6 is Debian Kernel Team <debian-kernel@lists.debian.org>;

Reported by: Hideki Yamane <henrich@debian.or.jp>

Date: Fri, 29 Oct 2010 09:09:02 UTC

Severity: critical

Tags: moreinfo, patch, security

Fixed in version 2.6.32-26

Done: Hideki Yamane <henrich@debian.or.jp>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#601747; Package linux-2.6. (Fri, 29 Oct 2010 09:09:05 GMT)

Acknowledgement sent to Hideki Yamane <henrich@debian.or.jp>:
New Bug report received and forwarded. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. (Fri, 29 Oct 2010 09:09:05 GMT)

Message #5 received at submit@bugs.debian.org:

From: Hideki Yamane <henrich@debian.or.jp>
To: submit@bugs.debian.org
Subject: RDS protocol vulnerability
Date: Fri, 29 Oct 2010 18:07:13 +0900

Package: linux-2.6
Version: 2.6.32-26
Severity: critical
Tags: security, patch

Hi,

 As you know, an RDS protocol vulnerability was found in the Linux kernel.
 US-CERT says (http://www.kb.cert.org/vuls/id/362983)

> The RDS protocol implementation of Linux kernels 2.6.30 through
> 2.6.38-rc8 contain a local privilege escalation vulnerability.

 And the patch from upstream git
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=799c10559d60f159ab2232203f222f18fa3c4a5f
 can apply to 2.6.32-26 with 1 hunk, please check it.

 thanks.




Added tag(s) pending. Request was from Maximilian Attems <maks@alioth.debian.org> to control@bugs.debian.org. (Fri, 29 Oct 2010 09:42:02 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#601747; Package linux-2.6. (Fri, 29 Oct 2010 15:12:02 GMT)

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. (Fri, 29 Oct 2010 15:12:03 GMT)

Message #12 received at 601747@bugs.debian.org:

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Hideki Yamane <henrich@debian.or.jp>, 601747@bugs.debian.org
Subject: Re: Bug#601747: RDS protocol vulnerability
Date: Fri, 29 Oct 2010 16:10:35 +0100

tag 601747 + moreinfo
thanks

On Fri, 2010-10-29 at 18:07 +0900, Hideki Yamane wrote:
> Package: linux-2.6
> Version: 2.6.32-26
>  As you know, an RDS protocol vulnerability was found in the Linux kernel.
>  US-CERT says (http://www.kb.cert.org/vuls/id/362983)
> 
> > The RDS protocol implementation of Linux kernels 2.6.30 through
> > 2.6.38-rc8 contain a local privilege escalation vulnerability.

Are you actually experiencing this in 2.6.32-26, or just assuming it's
affected because the US-CERT page says it is?

-26 is the upload which is intended *to fix* this issue; see the
changelog and http://security-tracker.debian.org/tracker/CVE-2010-3904

Regards

Adam





Added tag(s) moreinfo. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Fri, 29 Oct 2010 15:12:04 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#601747; Package linux-2.6. (Sat, 30 Oct 2010 01:12:03 GMT)

Acknowledgement sent to Hideki Yamane <henrich@debian.or.jp>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. (Sat, 30 Oct 2010 01:12:03 GMT)

Message #19 received at 601747@bugs.debian.org:

From: Hideki Yamane <henrich@debian.or.jp>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 601747@bugs.debian.org
Subject: Re: Bug#601747: RDS protocol vulnerability
Date: Sat, 30 Oct 2010 10:08:27 +0900

On Fri, 29 Oct 2010 16:10:35 +0100
"Adam D. Barratt" <adam@adam-barratt.org.uk> wrote:
> Are you actually experiencing this in 2.6.32-26, or just assuming it's
> affected because the US-CERT page says it is?

 No, it's a shame, I didn't check debian/changelog... very sorry to all.
 

-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane




Bug marked as fixed in version 2.6.32-26, send any further explanations to Hideki Yamane <henrich@debian.or.jp>. Request was from Hideki Yamane <henrich@debian.or.jp> to control@bugs.debian.org. (Sat, 30 Oct 2010 01:15:02 GMT)

Message sent on to Hideki Yamane <henrich@debian.or.jp>:
Bug#601747. (Sat, 30 Oct 2010 01:15:05 GMT)

Message #24 received at 601747-submitter@bugs.debian.org:

From: Hideki Yamane <henrich@debian.or.jp>
To: control@bugs.debian.org
Cc: 601747-submitter@bugs.debian.org
Date: Sat, 30 Oct 2010 10:13:28 +0900

close 601747 2.6.32-26
thanks


-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 27 Nov 2010 07:33:42 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 21:25:53 2014; Machine Name: buxtehude.debian.org
