oem-qa team mailing list archive

[feranick <feranick@xxxxxxxxxxx>]

*** This bug is a security vulnerability ***

Public security bug reported:

udev has been updated to generic hardy to fix two security
vulnerabilities. It should be updated in hardu for the dell-mini.
Changelog below.


udev (117-8ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: root privilege escalation via udev event spoofing.
    - Add debian/patches/81-netlink-owner-check.patch: backport upstream
      fixes (CVE-2009-1185).
  * SECURITY UPDATE: overflow in path name encoding.
    - Add debian/patches/82-encoding-overflow.patch: backport upstream
      fixes (CVE-2009-1186).

 -- Kees Cook <kees@xxxxxxxxxx>  Wed, 08 Apr 2009 17:06:57 -0700

** Affects: dell-mini
     Importance: Undecided
         Status: New

** This bug has been flagged as a security vulnerability

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1185

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1186

-- 
Update udev to fix security vulnerability
https://bugs.launchpad.net/bugs/374371
You received this bug notification because you are a member of OEM
Services QA, which is subscribed to The Dell Mini Project.

Status in Dell Inspiron Mini with Custom Dell UI: New

Bug description:
udev has been updated to generic hardy to fix two security vulnerabilities. It should be updated in hardu for the dell-mini. Changelog below.


udev (117-8ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: root privilege escalation via udev event spoofing.
    - Add debian/patches/81-netlink-owner-check.patch: backport upstream
      fixes (CVE-2009-1185).
  * SECURITY UPDATE: overflow in path name encoding.
    - Add debian/patches/82-encoding-overflow.patch: backport upstream
      fixes (CVE-2009-1186).

 -- Kees Cook <kees@xxxxxxxxxx>  Wed, 08 Apr 2009 17:06:57 -0700