oem-qa team mailing list archive

Thread
Date

[Bug 362675] Re: Update udev to fix security vulnerabilites

To: oem-qa@xxxxxxxxxxxxxxxxxxx
From: Chris Wayne <chris.wayne@xxxxxxxxxxxxx>
Date: Tue, 28 Apr 2009 14:06:13 -0000
Reply-to: Bug 362675 <362675@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: dell-mini
       Status: New => Confirmed

-- 
Update udev to fix security vulnerabilites
https://bugs.launchpad.net/bugs/362675
You received this bug notification because you are a member of OEM
Services QA, which is subscribed to The Dell Mini Project.

Status in Dell Inspiron Mini with Custom Dell UI: Confirmed

Bug description:
Current version on Dell Mini: 117-8msg6

On generic hardy: 117-8ubuntu0.2 (updated April 6th, 2009) to fix two security vulnerabilities (see below). These should be applied to udev for the dell mini.

udev (117-8ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: root privilege escalation via udev event spoofing.
    - Add debian/patches/81-netlink-owner-check.patch: backport upstream
      fixes (CVE-2009-1185).
  * SECURITY UPDATE: overflow in path name encoding.
    - Add debian/patches/82-encoding-overflow.patch: backport upstream
      fixes (CVE-2009-1186).

References

[Bug 362675] [NEW] Update udev to fix security vulnerabilites
From: feranick, 2009-04-17