The Dell Mini Project

Update udev to fix security vulnerabilites

Bug #362675 reported by Nicola Ferralis on 2009-04-17

252

Affects		Status	Importance	Assigned to	Milestone
	The Dell Mini Project	Fix Released	Undecided	Unassigned

Bug Description

Current version on Dell Mini: 117-8msg6

On generic hardy: 117-8ubuntu0.2 (updated April 6th, 2009) to fix two security vulnerabilities (see below). These should be applied to udev for the dell mini.

udev (117-8ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: root privilege escalation via udev event spoofing.
    - Add debian/patches/81-netlink-owner-check.patch: backport upstream
      fixes (CVE-2009-1185).
  * SECURITY UPDATE: overflow in path name encoding.
    - Add debian/patches/82-encoding-overflow.patch: backport upstream
      fixes (CVE-2009-1186).

CVE References

Nicola Ferralis (feranick) on 2009-04-17

security vulnerability:

no → yes

Chris Wayne (cwayne) on 2009-04-28

Changed in dell-mini:
status:	New → Confirmed

Nicola Ferralis (feranick) on 2009-06-22

Changed in dell-mini:
status:	Confirmed → Fix Committed

Nicola Ferralis (feranick) on 2009-06-29

Changed in dell-mini:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.