oem-qa team mailing list archive

[feranick <feranick@xxxxxxxxxxx>]

*** This bug is a security vulnerability ***

Public security bug reported:

Current version on Dell Mini: 117-8msg6

On generic hardy: 117-8ubuntu0.2 (updated April 6th, 2009) to fix two
security vulnerabilities (see below). These should be applied to udev
for the dell mini.

udev (117-8ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: root privilege escalation via udev event spoofing.
    - Add debian/patches/81-netlink-owner-check.patch: backport upstream
      fixes (CVE-2009-1185).
  * SECURITY UPDATE: overflow in path name encoding.
    - Add debian/patches/82-encoding-overflow.patch: backport upstream
      fixes (CVE-2009-1186).

** Affects: dell-mini
     Importance: Undecided
         Status: New

** This bug has been flagged as a security vulnerability

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1185

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1186

-- 
Update udev to fix security vulnerabilites
https://bugs.launchpad.net/bugs/362675
You received this bug notification because you are a member of OEM
Services QA, which is subscribed to The Dell Mini Project.

Status in Dell Inspiron Mini with Custom Dell UI: New

Bug description:
Current version on Dell Mini: 117-8msg6

On generic hardy: 117-8ubuntu0.2 (updated April 6th, 2009) to fix two security vulnerabilities (see below). These should be applied to udev for the dell mini.

udev (117-8ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: root privilege escalation via udev event spoofing.
    - Add debian/patches/81-netlink-owner-check.patch: backport upstream
      fixes (CVE-2009-1185).
  * SECURITY UPDATE: overflow in path name encoding.
    - Add debian/patches/82-encoding-overflow.patch: backport upstream
      fixes (CVE-2009-1186).