From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2015                     [email protected]
http://www.debian.org/security/                           Dann Frazier
March 15, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : drbd8
Vulnerability : privilege escalation
Problem type : local
Debian-specific: no
CVE Id(s) : not yet available
Debian Bug : 573531

A local vulnerability has been discovered in drbd8.

Philipp Reisner fixed an issue in the drbd kernel module that allows
local users to send netlink packets to perform actions that should be
restricted to users with CAP_SYS_ADMIN privileges. This is a similar
issue to those described by CVE-2009-3725.

This update also fixes an ABI compatibility issue which was introduced
by linux-2.6 (2.6.26-21lenny3). The prebuilt drbd module packages listed
in this advisory require a linux-image package version 2.6.26-21lenny3
or greater.

For the stable distribution (lenny), this problem has been fixed in
drbd8 (2:8.0.14-2+lenny1).

We recommend that you upgrade your drbd8 packages.

The linux-modules-extra-2.6 package has been rebuilt against the updated
drbd8 package to provide fixed prebuilt drbd8-modules packages. If,
instead of using the prebuilt drbd8-modules packages, you have built and
installed a local copy of the drbd module from the drbd8-source package
(e.g., using module-assistant), you will need to follow the same steps
you originally used to rebuild your module after upgrading the
drbd8-source package.

Note: After upgrading a kernel module you must reload the module
for the changes to take effect:

  1) Shut down all services that make use of the drbd module
  2) Unload the previous drbd module (modprobe -r drbd)
  3) Load the updated drbd module (modprobe drbd)
  4) Restart any services that make use of the drbd module

A system reboot will also cause the updated module to be used.

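
The reload requirement above can be verified instead of assumed. The script below is an added example, not part of the Debian advisory; it assumes the drbd module was built with a srcversion (readable from /sys/module/drbd/srcversion and from modinfo -F srcversion), and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): is the drbd module in memory the
# one on disk? Assumes the module was built with a srcversion.

# loaded_srcversion [SYSFS_MODULE_DIR]
# Prints the srcversion of the loaded module, or "unknown" if the attribute
# is missing. Returns 1 when drbd is not loaded at all.
loaded_srcversion() {
    dir="${1:-/sys/module}/drbd"
    [ -d "$dir" ] || return 1
    [ -r "$dir/srcversion" ] || { echo unknown; return 0; }
    cat "$dir/srcversion"
}

# drbd_module_state ONDISK_SRCVERSION [SYSFS_MODULE_DIR]
# Prints not-loaded, current, stale or unknown.
drbd_module_state() {
    ondisk="$1"
    loaded=$(loaded_srcversion "${2:-}") || { echo not-loaded; return 0; }
    if [ -z "$ondisk" ] || [ "$loaded" = unknown ]; then
        echo unknown
    elif [ "$loaded" = "$ondisk" ]; then
        echo current
    else
        echo stale
    fi
}

# drbd_refcnt [SYSFS_MODULE_DIR]
# Reference count of the loaded module; modprobe -r fails while it is non-zero.
drbd_refcnt() {
    cat "${1:-/sys/module}/drbd/refcnt" 2>/dev/null || echo 0
}

# Run as: sh check-drbd.sh --check   (the file name is arbitrary)
if [ "${1:-}" = "--check" ]; then
    state=$(drbd_module_state "$(modinfo -F srcversion drbd 2>/dev/null)")
    echo "drbd module: $state (refcnt $(drbd_refcnt))"
    if [ "$state" = stale ]; then
        echo "old code still loaded: stop drbd users, then modprobe -r drbd; modprobe drbd"
        exit 1
    fi
fi
```

A "stale" result after the package upgrade means the pre-fix module is still the one handling netlink requests; a non-zero refcnt shows that step 1 has not yet been completed.
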
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]