oem-qa team mailing list archive

Thread
Date

[Bug 374371] Re: Update udev to fix security vulnerability

To: oem-qa@xxxxxxxxxxxxxxxxxxx
From: Brian Chidester <brian.chidester@xxxxxxxxxxxxx>
Date: Thu, 21 May 2009 10:07:52 -0000
Reply-to: Bug 374371 <374371@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: dell-mini
       Status: New => Confirmed

-- 
Update udev to fix security vulnerability
https://bugs.launchpad.net/bugs/374371
You received this bug notification because you are a member of OEM
Services QA, which is subscribed to The Dell Mini Project.

Status in Dell Inspiron Mini with Custom Dell UI: Confirmed

Bug description:
udev has been updated to generic hardy to fix two security vulnerabilities. It should be updated in hardu for the dell-mini. Changelog below.


udev (117-8ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: root privilege escalation via udev event spoofing.
    - Add debian/patches/81-netlink-owner-check.patch: backport upstream
      fixes (CVE-2009-1185).
  * SECURITY UPDATE: overflow in path name encoding.
    - Add debian/patches/82-encoding-overflow.patch: backport upstream
      fixes (CVE-2009-1186).

 -- Kees Cook <kees@xxxxxxxxxx>  Wed, 08 Apr 2009 17:06:57 -0700

References

[Bug 374371] [NEW] Update udev to fix security vulnerability
From: feranick, 2009-05-10