From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1772-1 [email protected] http://www.debian.org/security/ Florian Weimer
April 16, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : udev
Vulnerability : several
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-1185 CVE-2009-1186

Sebastian Kramer discovered two vulnerabilities in udev, the /dev and
hotplug management daemon.

CVE-2009-1185

udev does not check the origin of NETLINK messages, allowing local
users to gain root privileges.

CVE-2009-1186

udev suffers from a buffer overflow condition in path encoding,
potentially allowing arbitrary code execution.

For the old stable distribution (etch), these problems have been fixed in version 0.105-4etch1.

For the stable distribution (lenny), these problems have been fixed in
version 0.125-7+lenny1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your udev package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1.diff.gz
Size/MD5 checksum: 65496 c004ab727c31c58012eb518ea1293c06
http://security.debian.org/pool/updates/main/u/udev/udev_0.105.orig.tar.gz
Size/MD5 checksum: 188150 9d58389d5ef915c49681cae4fba3cd60
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1.dsc
Size/MD5 checksum: 653 11e4e0cb9bc8cb2f93890e80e9314a7b

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_alpha.udeb
Size/MD5 checksum: 133696 82ebf80715efaa545bb98fa92b5c6e30
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_alpha.deb
Size/MD5 checksum: 293006 6e1ff1cf34638ebe01d6a7cc3771eef9
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_alpha.deb
Size/MD5 checksum: 25892 17fc41c4605c256b933cefcda3c21a48
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_alpha.deb
Size/MD5 checksum: 67762 335db6bf028839d64d656b3b243d3e23

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_amd64.deb
Size/MD5 checksum: 277954 4daf7f67c7ddb2bea7906c3a2e5f4450
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_amd64.deb
Size/MD5 checksum: 17570 abb465d39529deff8a8a44e6e3511e92
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_amd64.deb
Size/MD5 checksum: 64016 1fa7e638e153131fae0794bdfa29f10e
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_amd64.udeb
Size/MD5 checksum: 118680 18f17e7030d7ec1c8445e8b2e5420150

arm architecture (ARM)

http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_arm.deb
Size/MD5 checksum: 266724 8cb242b97c43b91065a51ad06e341c26
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_arm.deb
Size/MD5 checksum: 65394 053e04d02f57089c52ee9ed2dedd1824
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_arm.deb
Size/MD5 checksum: 18146 06aaf0730d2822b9efc3658d9c6aad6f
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_arm.udeb
Size/MD5 checksum: 108792 d1d15e13b7acaf80449d70a46474d5cc

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_hppa.deb
Size/MD5 checksum: 284024 5a95e42a4bc958ea800d0ad2fc7137f7
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_hppa.deb
Size/MD5 checksum: 69216 1fa0f6be4314a15c272008889ad5cdd3
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_hppa.udeb
Size/MD5 checksum: 123292 9423477a619848bc5b897c183578eedf
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_hppa.deb
Size/MD5 checksum: 22822 2e425348f052eb7227af5b4162d87886

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_i386.deb
Size/MD5 checksum: 62672 1fb6a5c71a746c54d2d153f82d156622
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_i386.udeb
Size/MD5 checksum: 104858 6755b7f2be45c09dcfbeba11b71fb2b4
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_i386.deb
Size/MD5 checksum: 15596 42d679cf1bf5708e12f2ebe0928d0f17
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_i386.deb
Size/MD5 checksum: 263502 c771e199202b3a30191e562591b2a5f1

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_ia64.deb
Size/MD5 checksum: 71234 db3642925a8d81f1d63fa5a194be85ca
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_ia64.deb
Size/MD5 checksum: 348482 03798072d8288f3e6080f6a32178a55a
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_ia64.deb
Size/MD5 checksum: 26664 f1eeb303578e5d42c46d1d50bedc3427
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_ia64.udeb
Size/MD5 checksum: 178622 1681eaf7e11447c584d199eca57c7829

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_mips.deb
Size/MD5 checksum: 21846 c154d642eeaec8a4ff465d0dd7854d6f

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)