-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                udev
        Announcement ID:        SUSE-SA:2009:025
        Date:                   Wed, 22 Apr 2009 16:00:00 +0000
        Affected Products:      SUSE Linux Enterprise Desktop 10 SP2
                                SUSE Linux Enterprise 10 SP2 DEBUGINFO
                                SUSE Linux Enterprise Server 10 SP2
        Vulnerability Type:     local privilege escalation
        Severity (1-10):        7
        SUSE Default Package:   yes
        Cross-References:       CVE-2009-1185
                                SUSE-SA:2009:020

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             udev local root exploit - SLE 10 sp2 respin
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
            See SUSE Security Summary Report.
        6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

   This update fixes a local privilege escalation in udev.

   We previously released these updates and the advisory as
   SUSE-SA:2009:020 on April 16.

   Due to a mistake the patch fixing the security problem was not applied
   to the udev package, and we did not spot this during the release process
   due to use of a not fully functional proof of concept exploit in QA.

   Only SUSE Linux Enterprise 10 SP2 was missing the patch; the updated
   udev packages of other products released on April 16 contain the fix.

   The issue fixed:
   CVE-2009-1185: udev did not check the origin of the netlink messages.
   A local attacker could fake device create events and so gain root
   privileges.

   We thank SGI for reporting the missing patch problem to us.

2) Solution or Work-Around

   There is no known workaround, please install the update packages.

3) Special Instructions and Notes

   Please restart the udevd after applying the update, by doing:

     /etc/init.d/boot.udev restart

   Alternatively you can reboot the machine to be sure.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

     rpm -Fhv

   to apply the update, replacing with the filename of the downloaded RPM
   package.

   Our maintenance customers are notified individually. The packages are
   offered for installation from the maintenance web:

   SUSE Linux Enterprise Server 10 SP2
     https://login.microfocus.com/nidp/app/login?sid=0

   SUSE Linux Enterprise 10 SP2 DEBUGINFO
     https://login.microfocus.com/nidp/app/login?sid=0

   SUSE Linux Enterprise Desktop 10 SP2
     https://login.microfocus.com/nidp/app/login?sid=0

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

   See SUSE Security Summary Report.

______________________________________________________________________________

6) Authenticity Verification and Additional Information

  - Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web
    sites. The authenticity and integrity of a SUSE security announcement is
    guaranteed by a cryptographic signature in each announcement. All SUSE
    security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file
    and run the command

      gpg --verify

    replacing with the name of the file where you saved the announcement.
    The output for a valid signature looks like:

      gpg: Signature made using RSA key ID 3D25D3D9
      gpg: Good signature from "SuSE Security Team "

    where is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can
    import it from the first installation CD. To import the key, use the
    command

      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  - Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the
    world. While this service is considered valuable and important to the free
    and open source software community, the authenticity and the integrity of
    a package needs to be verified to ensure that it has not been tampered
    with.

    The internal rpm package signatures provide an easy way to verify the
    authenticity of an RPM package. Use the command

      rpm -v --checksig

    to verify the signature of the package, replacing with the filename of
    the RPM package downloaded. The package is unmodified if it contains a
    valid signature from
Important: udev security update.

Date:     Fri, 17 Apr 2009 11:28:34 -0500
Reply-To: Troy Dawson
Sender:   Security Errata for Scientific Linux
From:     Troy Dawson
Subject:  Security ERRATA Important: udev on SL5.x i386/x86_64
Comments: To: "
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: udev security update
Advisory ID:       RHSA-2009:0427-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2009:0427.html
Issue date:        2009-04-16
CVE Names:         CVE-2009-1185
====================================================================

1. Summary:

Updated udev packages that fix one security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

udev provides a user-space API and implements a dynamic device directory,
providing only the devices present on the system. udev replaces devfs in
order to provide greater hot plug functionality. Netlink is a datagram
oriented service, used to transfer information between kernel modules and
user-space processes.

It was discovered that udev did not properly check the origin of Netlink
messages. A local attacker could use this flaw to gain root privileges via
a crafted Netlink message sent to udev, causing it to create a
world-writable block device file for an existing system block device (for
example, the root file system). (CVE-2009-1185)

Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
responsibly reporting this flaw.

Users of udev are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the udevd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

495051 - CVE-2009-1185 udev: Uncheck origin of NETLINK messages

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
libvolume_id-095-14.20.el5_3.i386.rpm
udev-095-14.20.el5_3.i386.rpm
udev-debuginfo-095-14.20.el5_3.i386.rpm

x86_64:
libvolume_id-095-14.20.el5_3.i386.rpm
libvolume_id-095-14.20.el5_3.x86_64.rpm
udev-095-14.20.el5_3.x86_64.rpm
udev-debuginfo-095-14.20.el5_3.i386.rpm
udev-debuginfo-095-14.20.el5_3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
libvolume_id-devel-095-14.20.el5_3.i386.rpm
udev-debuginfo-095-14.20.el5_3.i386.rpm

x86_64:
libvolume_id-devel-095-14.20.el5_3.i386.rpm
libvolume_id-devel-095-14.20.el5_3.x86_64.rpm
udev-debuginfo-095-14.20.el5_3.i386.rpm
udev-debuginfo-095-14.20.el5_3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
libvolume_id-095-14.20.el5_3.i386.rpm
libvolume_id-devel-095-14.20.el5_3.i386.rpm
udev-095-14.20.el5_3.i386.rpm
udev-debuginfo-095-14.20.el5_3.i386.rpm

ia64:
libvolume_id-095-14.20.el5_3.ia64.rpm
libvolume_id-devel-095-14.20.el5_3.ia64.rpm
udev-095-14.20.el5_3.ia64.rpm
udev-debuginfo-095-14.20.el5_3.ia64.rpm

ppc:
libvolume_id-095-14.20.el5_3.ppc.rpm
libvolume_id-095-14.20.el5_3.ppc64.rpm
libvolume_id-devel-095-14.20.el5_3.ppc.rpm
libvolume_id-devel-095-14.20.el5_3.ppc64.rpm
udev-095-14.20.el5_3.ppc.rpm
udev-debuginfo-095-14.20.el5_3.ppc.rpm
udev-debuginfo-095-14.20.el5_3.ppc64.rpm

s390x:
libvolume_id-095-14.20.el5_3.s390.rpm
libvolume_id-095-14.20.el5_3.s390x.rpm
libvolume_id-devel-095-14.20.el5_3.s390.rpm
libvolume_id-devel-095-14.20.el5_3.s390x.rpm
udev-095-14.20.el5_3.s390x.rpm
udev-debuginfo-095-14.20.el5_3.s390.rpm
udev-debuginfo-095-14.20.el5_3.s390x.rpm

x86_64:
libvolume_id-095-14.20.el5_3.i386.rpm
libvolume_id-095-14.20.el5_3.x86_64.rpm
libvolume_id-devel-095-14.20.el5_3.i386.rpm
libvolume_id-devel-095-14.20.el5_3.x86_64.rpm
udev-095-14.20.el5_3.x86_64.rpm
udev-debuginfo-095-14.20.el5_3.i386.rpm
udev-debuginfo-095-14.20.el5_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2009-1185
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.

Severity: Important. LinuxSecurity.com Team
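The origin check that CVE-2009-1185 describes as missing can be sketched as follows. This is an added example, not udev's code or any vendor's patch: `check_origin`, `check_sample`, `struct sender_cred` and the `ORIGIN_*` names are hypothetical, the sample messages are constructed in memory, and it assumes the receiving socket has `SO_PASSCRED` enabled so that sender credentials arrive as ancillary data.

```c
/* Added example: origin checks for a netlink uevent receiver.
 * Not udev's code; every name below is hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>

#ifndef SCM_CREDENTIALS
#define SCM_CREDENTIALS 0x02  /* glibc exposes it only under _GNU_SOURCE */
#endif

/* Same layout as struct ucred; declared locally so no _GNU_SOURCE is needed. */
struct sender_cred { pid_t pid; uid_t uid; gid_t gid; };

enum origin {
    ORIGIN_KERNEL,    /* accepted: multicast from port id 0, uid 0 */
    ORIGIN_NO_ADDR,   /* no usable netlink source address */
    ORIGIN_UNICAST,   /* sent straight to our socket, not via a group */
    ORIGIN_USER_PID,  /* multicast, but the sender port id is a process */
    ORIGIN_NO_CRED,   /* no SCM_CREDENTIALS attached */
    ORIGIN_NOT_ROOT   /* credentials present, sender uid is not 0 */
};

/* msg is what recvmsg() filled in on a socket with SO_PASSCRED enabled. */
enum origin check_origin(struct msghdr *msg)
{
    struct sockaddr_nl snl;
    struct sender_cred cred;
    struct cmsghdr *c;

    if (msg->msg_name == NULL || msg->msg_namelen < sizeof(snl))
        return ORIGIN_NO_ADDR;
    memcpy(&snl, msg->msg_name, sizeof(snl));
    if (snl.nl_family != AF_NETLINK)
        return ORIGIN_NO_ADDR;
    if (snl.nl_groups == 0)   /* kernel uevents are multicast */
        return ORIGIN_UNICAST;
    if (snl.nl_pid != 0)      /* the kernel sends with port id 0 */
        return ORIGIN_USER_PID;

    for (c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_CREDENTIALS)
            continue;
        if (c->cmsg_len < CMSG_LEN(sizeof(cred)))
            break;
        memcpy(&cred, CMSG_DATA(c), sizeof(cred));
        return cred.uid == 0 ? ORIGIN_KERNEL : ORIGIN_NOT_ROOT;
    }
    return ORIGIN_NO_CRED;
}

/* Builds a constructed message header (no socket involved) and checks it. */
enum origin check_sample(unsigned pid, unsigned groups, int with_cred, uid_t uid)
{
    struct sockaddr_nl snl;
    union {
        struct cmsghdr align;
        char buf[CMSG_SPACE(sizeof(struct sender_cred))];
    } ctl;
    struct msghdr msg;

    memset(&snl, 0, sizeof(snl));
    memset(&ctl, 0, sizeof(ctl));
    memset(&msg, 0, sizeof(msg));
    snl.nl_family = AF_NETLINK;
    snl.nl_pid = pid;
    snl.nl_groups = groups;
    msg.msg_name = &snl;
    msg.msg_namelen = sizeof(snl);
    if (with_cred) {
        struct sender_cred cred = { .pid = (pid_t)pid, .uid = uid, .gid = 0 };
        struct cmsghdr *c;
        msg.msg_control = ctl.buf;
        msg.msg_controllen = sizeof(ctl.buf);
        c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_CREDENTIALS;
        c->cmsg_len = CMSG_LEN(sizeof(cred));
        memcpy(CMSG_DATA(c), &cred, sizeof(cred));
    }
    return check_origin(&msg);
}

int main(void)
{
    printf("kernel multicast:      %d\n", check_sample(0, 1, 1, 0));
    printf("unicast from uid 1000: %d\n", check_sample(4242, 0, 1, 1000));
    return 0;
}
```

A receiver that drops every message for which `check_origin` returns anything other than `ORIGIN_KERNEL` never acts on a device event whose sender it cannot attribute to the kernel.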
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-3712
2009-04-16 14:36:46
--------------------------------------------------------------------------------

Name        : udev
Product     : Fedora 9
Version     : 124
Release     : 4.fc9
URL         :
Summary     : A userspace implementation of devfs
Description :
The udev package contains an implementation of devfs in
userspace using sysfs and netlink.

--------------------------------------------------------------------------------
Update Information:

udev provides a user-space API and implements a dynamic device directory,
providing only the devices present on the system. udev replaces devfs in order
to provide greater hot plug functionality. Netlink is a datagram oriented
service, used to transfer information between kernel modules and user-space
processes.

It was discovered that udev did not properly check the origin of Netlink
messages. A local attacker could use this flaw to gain root privileges via a
crafted Netlink message sent to udev, causing it to create a world-writable
block device file for an existing system block device (for example, the root
file system). (CVE-2009-1185)

An integer overflow flaw, potentially leading to heap-based buffer overflow,
was found in one of the utilities providing functionality of the udev device
information interface. An attacker could use this flaw to cause a denial of
service, or possibly, to execute arbitrary code by providing specially-crafted
arguments as input to this utility. (CVE-2009-1186)

Thanks to Sebastian Krahmer of the SUSE Security Team for responsibly
reporting this flaw.

Users of udev are advised to upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the update, the
udevd daemon will be restarted automatically.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 16 2009 Harald Hoyer 124-4
- fix for CVE-2009-1186
* Tue Apr 14 2009 Harald Hoyer 124-3
- fix for CVE-2009-1185
* Wed Aug  6 2008 Harald Hoyer 124-2
- added patch for cdrom tray close bug (rhbz#453095)
- fixed udevadm syntax in start_udev (credits B.J.W. Polman)
* Fri Jul  4 2008 Harald Hoyer 124-1.2
- make block devices 0660 as an interim fix (rhbz#451320)
* Tue Jun 17 2008 Harald Hoyer 124-1.1
- readded udevcontrol, udevtrigger symlinks for Fedora 9,
  which are needed by live-cd-tools
* Thu Jun 12 2008 Harald Hoyer 124-1
- version 124
- removed udevcontrol, udevtrigger symlinks (use udevadm now)
* Tue Jun  3 2008 Jeremy Katz - 121-2.20080516git
- Add lost F9 change to remove /dev/.udev in start_udev (#442827)
* Fri May 16 2008 Harald Hoyer 121-1.20080516git
- version 121 + latest git fixes
* Wed May  7 2008 Harald Hoyer 120-6.20080421git
- added input/hp_ilo_mouse symlink
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #495051 - CVE-2009-1185 udev: Uncheck origin of NETLINK messages
        https://bugzilla.redhat.com/show_bug.cgi?id=495051
  [ 2 ] Bug #495052 - CVE-2009-1186 udev: Buffer overflow in path encoding routine
        https://bugzilla.redhat.com/show_bug.cgi?id=495052
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update udev' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-3711
2009-04-16 14:36:46
--------------------------------------------------------------------------------

Name        : udev
Product     : Fedora 10
Version     : 127
Release     : 5.fc10
URL         :
Summary     : A userspace implementation of devfs
Description :
The udev package contains an implementation of devfs in
userspace using sysfs and netlink.

--------------------------------------------------------------------------------
Update Information:

udev provides a user-space API and implements a dynamic device directory,
providing only the devices present on the system. udev replaces devfs in order
to provide greater hot plug functionality. Netlink is a datagram oriented
service, used to transfer information between kernel modules and user-space
processes.

It was discovered that udev did not properly check the origin of Netlink
messages. A local attacker could use this flaw to gain root privileges via a
crafted Netlink message sent to udev, causing it to create a world-writable
block device file for an existing system block device (for example, the root
file system). (CVE-2009-1185)

An integer overflow flaw, potentially leading to heap-based buffer overflow,
was found in one of the utilities providing functionality of the udev device
information interface. An attacker could use this flaw to cause a denial of
service, or possibly, to execute arbitrary code by providing specially-crafted
arguments as input to this utility. (CVE-2009-1186)

Thanks to Sebastian Krahmer of the SUSE Security Team for responsibly
reporting this flaw.

Users of udev are advised to upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the update, the
udevd daemon will be restarted automatically.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 16 2009 Harald Hoyer 127-5
- fix for CVE-2009-1186
* Wed Apr 15 2009 Harald Hoyer 127-4
- fix for CVE-2009-1185
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #495051 - CVE-2009-1185 udev: Uncheck origin of NETLINK messages
        https://bugzilla.redhat.com/show_bug.cgi?id=495051
  [ 2 ] Bug #495052 - CVE-2009-1186 udev: Buffer overflow in path encoding routine
        https://bugzilla.redhat.com/show_bug.cgi?id=495052
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update udev' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
==========================================================
Ubuntu Security Notice USN-758-1             April 15, 2009
udev vulnerabilities
CVE-2009-1185, CVE-2009-1186
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  udev                            079-0ubuntu35.1

Ubuntu 7.10:
  udev                            113-0ubuntu17.2

Ubuntu 8.04 LTS:
  udev                            117-8ubuntu0.2

Ubuntu 8.10:
  udev                            124-9ubuntu0.2

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Sebastian Krahmer discovered that udev did not correctly validate netlink
message senders. A local attacker could send specially crafted messages
to udev in order to gain root privileges. (CVE-2009-1185)

Sebastian Krahmer discovered a buffer overflow in the path encoding routines
in udev. A local attacker could exploit this to crash udev, leading to a
denial of service.
(CVE-2009-1186)

Severity: Important. LinuxSecurity.com Team
Updated package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-123
2006-02-23
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : udev
Version     : 071
Release     : 0.FC4.3
Summary     : A userspace implementation of devfs
Description :
udev is an implementation of devfs in userspace using sysfs and
/sbin/hotplug. It requires a 2.6 kernel to run properly.

---------------------------------------------------------------------
Update Information:

This udev update fixes the following issues:
- pktcdvd device naming (bz #161268)
- dvb permissions (bz #179993)
- pilot symlink creation
- removed last_rule from ttyUSB, ttyS, ttyACM
- added conflict with old module-init-tools
---------------------------------------------------------------------
* Tue Feb 21 2006 Harald Hoyer - 071-0.FC4.3
- fixed pktcdvd device naming (bz #161268)
- fixed dvb permissions (bz #179993)
- fixed pilot symlink creation
- removed last_rule from ttyUSB, ttyS, ttyACM
- conflicts with old module-init-tools
---------------------------------------------------------------------
This update can be downloaded from:

This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at .
---------------------------------------------------------------------
fedora-announce-list mailing list
Important: xpdf security update.

Date:     Wed, 21 Dec 2005 17:28:24 -0600
Reply-To: Connie Sieh
Sender:   Security Errata for Scientific Linux
From:     Connie Sieh
Subject:  ERRATA for SL 40,41,42 i386 now available
Comments: To: