Debian's security model and that of the others, was
Re: [Soci SLIP] Red Hat, Ubuntu,
and Arch Linux patch Linux kernel exploit
llcfree
llcfree at gmail.com
Sun 20 Jan 2013 20:35:05 CET
On Sun, 2013-01-20 at 11:57 +0100, Lucio Crusca wrote:
> On Sunday 20 January 2013 11:33:55, llcfree wrote:
> > > > security with debian testing. Time to find out?
> > >
> > > I'll tell you: there is almost none.
> >
> > I'm afraid you're right. This is the reason why I had
> > ruled out the idea of using testing a long time ago
This time we were both wrong, it was worth checking,
sleep soundly, at least for 2012-0056, debian took care of it :)
https://security-tracker.debian.org/tracker/CVE-2012-0056
Name          CVE-2012-0056
Description   The mem_write function in Linux kernel 2.6.39 and other
              versions, when ASLR is disabled, does not properly check permissions
              when writing to /proc/<pid>/mem, which allows local users to gain
              privileges by modifying process memory, as demonstrated by Mempodipper.
Source        CVE (at NVD; oss-sec, Red Hat, Ubuntu, Gentoo, more)
NVD severity  medium (attack range: local)
Debian/oldstable not known to be vulnerable.
Debian/stable not vulnerable.
Debian/testing not known to be vulnerable.
Debian/unstable not known to be vulnerable.
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package   Release             Version    Status
linux-2.6 (PTS)  squeeze (security)  2.6.32-44  fixed
                 squeeze             2.6.32-46  fixed
The information above is based on the following data on fixed versions.
Package    Type    Release     Fixed Version   Urgency  Origin  Debian Bugs
linux-2.6  source  (unstable)  3.2.1-2         medium
linux-2.6  source  lenny       (not affected)
linux-2.6  source  squeeze     (not affected)
Notes
[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.39)
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.39)
fix is
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc (queued for 3.3)
Loredana