[Secure-testing-team] Bug#530245: udev: Fix of bug #462655 should be ported to lenny
Stefanos Harhalakis
v13 at v13.gr
Sat May 23 09:48:00 UTC 2009
Package: udev
Version: 0.141-1
Severity: critical
Tags: security
Justification: root security hole
Bug #462655 also affects lenny.
I believe that it should be ported to lenny too since:
a) It is security related
b) Most aacraid-related controllers are on servers which tend to use stable
-- Package-specific info:
-- /etc/udev/rules.d/:
/etc/udev/rules.d/:
total 220
lrwxrwxrwx 1 root root 23 2008-09-17 17:34 010-no-legacy-ptys.rules -> ../no-legacy-ptys.rules
lrwxrwxrwx 1 root root 20 2008-09-17 16:45 025_libchipcard.rules -> ../libchipcard.rules
lrwxrwxrwx 1 root root 19 2008-09-17 16:45 025_libgphoto2.rules -> ../libgphoto2.rules
lrwxrwxrwx 1 root root 15 2008-09-17 16:45 025_lomoco.rules -> ../lomoco.rules
lrwxrwxrwx 1 root root 16 2008-09-17 16:45 030_ifplugd.rules -> ../ifplugd.rules
lrwxrwxrwx 1 root root 13 2008-09-17 17:31 035_kino.rules -> ../kino.rules
-rw-r--r-- 1 root root 1137 2008-10-01 17:33 65_dmsetup.rules
-rw-r--r-- 1 root root 991 2008-09-17 16:45 65_mdadm.vol_id.rules
-rw-r--r-- 1 root root 3436 2009-03-06 07:51 70-persistent-cd.rules
-rw-r--r-- 1 root root 1652 2009-05-02 00:08 70-persistent-net.rules
-rw-r--r-- 1 root root 283 2009-03-25 23:52 85_dmraid.rules
lrwxrwxrwx 1 root root 16 2008-09-17 16:45 libmtp7.rules -> ../libmtp7.rules
lrwxrwxrwx 1 root root 15 2008-09-17 16:45 libnjb.rules -> ../libnjb.rules
-rw-r--r-- 1 root root 550 2008-09-18 16:21 xpp.rules
-rw-r--r-- 1 root root 505 2008-09-17 16:45 xpp.rules.dpkg-old
lrwxrwxrwx 1 root root 17 2008-09-17 16:45 z33_v.rules -> ../v-custom.rules
lrwxrwxrwx 1 root root 30 2008-09-17 17:31 z55_alsa-firmware-loaders.rules -> ../alsa-firmware-loaders.rules
lrwxrwxrwx 1 root root 19 2008-09-17 16:45 z60_alsa-utils.rules -> ../alsa-utils.rules
-rw-r--r-- 1 root root 2079 2009-04-08 18:20 z60_gpsd.rules
lrwxrwxrwx 1 root root 15 2008-09-17 16:45 z60_hdparm.rules -> ../hdparm.rules
-rw-r--r-- 1 root root 5354 2009-03-17 12:09 z60_hplip.rules
-rw-r--r-- 1 root root 590 2009-05-17 19:13 z60_iguanair.rules
-rw-r--r-- 1 root root 1240 2009-04-06 21:06 z60_kpartx.rules
-rw-r--r-- 1 root root 2589 2008-09-17 16:45 z60_libpisock9.rules
-rw-r--r-- 1 root root 1152 2009-05-06 15:26 z60_libsane-extras.rules
-rw-r--r-- 1 root root 72908 2009-03-04 12:03 z60_libsane.rules
-rw-r--r-- 1 root root 72908 2008-09-17 16:45 z60_libsane.rules.dpkg-old
-rw-r--r-- 1 root root 7117 2009-04-12 00:32 z60_xserver-xorg-input-wacom.rules
-rw-r--r-- 1 root root 6661 2008-09-17 16:45 z60_xserver-xorg-input-wacom.rules.dpkg-old
-rw-r--r-- 1 root root 217 2008-09-17 16:45 zaptel.perms
-- /sys/:
/sys/block/dm-0/dev
/sys/block/dm-1/dev
/sys/block/dm-2/dev
/sys/block/dm-3/dev
/sys/block/dm-4/dev
/sys/block/fd0/dev
/sys/block/md10/dev
/sys/block/md11/dev
/sys/block/md12/dev
/sys/block/md13/dev
/sys/block/md1/dev
/sys/block/md5/dev
/sys/block/md6/dev
/sys/block/md7/dev
/sys/block/md8/dev
/sys/block/md9/dev
/sys/block/nbd0/dev
/sys/block/nbd10/dev
/sys/block/nbd11/dev
/sys/block/nbd12/dev
/sys/block/nbd13/dev
/sys/block/nbd14/dev
/sys/block/nbd15/dev
/sys/block/nbd1/dev
/sys/block/nbd2/dev
/sys/block/nbd3/dev
/sys/block/nbd4/dev
/sys/block/nbd5/dev
/sys/block/nbd6/dev
/sys/block/nbd7/dev
/sys/block/nbd8/dev
/sys/block/nbd9/dev
/sys/block/ram0/dev
/sys/block/ram10/dev
/sys/block/ram11/dev
/sys/block/ram12/dev
/sys/block/ram13/dev
/sys/block/ram14/dev
/sys/block/ram15/dev
/sys/block/ram1/dev
/sys/block/ram2/dev
/sys/block/ram3/dev
/sys/block/ram4/dev
/sys/block/ram5/dev
/sys/block/ram6/dev
/sys/block/ram7/dev
/sys/block/ram8/dev
/sys/block/ram9/dev
/sys/block/sda/dev
/sys/block/sda/sda10/dev
/sys/block/sda/sda11/dev
/sys/block/sda/sda12/dev
/sys/block/sda/sda13/dev
/sys/block/sda/sda1/dev
/sys/block/sda/sda2/dev
/sys/block/sda/sda3/dev
/sys/block/sda/sda5/dev
/sys/block/sda/sda6/dev
/sys/block/sda/sda7/dev
/sys/block/sda/sda8/dev
/sys/block/sda/sda9/dev
/sys/block/sdb/dev
/sys/block/sdb/sdb10/dev
/sys/block/sdb/sdb11/dev
/sys/block/sdb/sdb12/dev
/sys/block/sdb/sdb13/dev
/sys/block/sdb/sdb1/dev
/sys/block/sdb/sdb2/dev
/sys/block/sdb/sdb3/dev
/sys/block/sdb/sdb5/dev
/sys/block/sdb/sdb6/dev
/sys/block/sdb/sdb7/dev
/sys/block/sdb/sdb8/dev
/sys/block/sdb/sdb9/dev
/sys/block/sdc/dev
/sys/block/sdc/sdc10/dev
/sys/block/sdc/sdc11/dev
/sys/block/sdc/sdc12/dev
/sys/block/sdc/sdc13/dev
/sys/block/sdc/sdc1/dev
/sys/block/sdc/sdc2/dev
/sys/block/sdc/sdc3/dev
/sys/block/sdc/sdc5/dev
/sys/block/sdc/sdc6/dev
/sys/block/sdc/sdc7/dev
/sys/block/sdc/sdc8/dev
/sys/block/sdc/sdc9/dev
/sys/block/sdd/dev
/sys/block/sdd/sdd10/dev
/sys/block/sdd/sdd11/dev
/sys/block/sdd/sdd12/dev
/sys/block/sdd/sdd13/dev
/sys/block/sdd/sdd1/dev
/sys/block/sdd/sdd2/dev
/sys/block/sdd/sdd3/dev
/sys/block/sdd/sdd5/dev
/sys/block/sdd/sdd6/dev
/sys/block/sdd/sdd7/dev
/sys/block/sdd/sdd8/dev
/sys/block/sdd/sdd9/dev
/sys/block/sde/dev
/sys/block/sde/sde1/dev
/sys/block/sdf/dev
/sys/block/sdf/sdf1/dev
/sys/block/sdf/sdf2/dev
/sys/block/sdf/sdf3/dev
/sys/block/sdf/sdf4/dev
/sys/block/sdf/sdf5/dev
/sys/block/sdf/sdf6/dev
/sys/block/sdf/sdf7/dev
/sys/block/sdg/dev
/sys/block/sdh/dev
/sys/block/sdi/dev
/sys/block/sdj/dev
/sys/block/sdk/dev
/sys/block/sdk/sdk1/dev
/sys/block/sdk/sdk2/dev
/sys/block/sr0/dev
/sys/block/sr1/dev
/sys/class/bsg/0:0:0:0/dev
/sys/class/bsg/1:0:0:0/dev
/sys/class/bsg/2:0:0:0/dev
/sys/class/bsg/3:0:0:0/dev
/sys/class/bsg/4:0:0:0/dev
/sys/class/bsg/5:0:0:0/dev
/sys/class/bsg/6:0:0:0/dev
/sys/class/bsg/7:0:0:0/dev
/sys/class/bsg/8:0:0:0/dev
/sys/class/bsg/8:0:0:1/dev
/sys/class/bsg/8:0:0:2/dev
/sys/class/bsg/8:0:0:3/dev
/sys/class/bsg/9:0:0:0/dev
/sys/class/graphics/fb0/dev
/sys/class/hidraw/hidraw0/dev
/sys/class/hidraw/hidraw1/dev
/sys/class/i2c-dev/i2c-0/dev
/sys/class/i2c-dev/i2c-1/dev
/sys/class/input/input0/event0/dev
/sys/class/input/input1/event1/dev
/sys/class/input/input1/mouse0/dev
/sys/class/input/input2/event2/dev
/sys/class/input/input2/mouse1/dev
/sys/class/input/input3/event3/dev
/sys/class/input/input4/event4/dev
/sys/class/input/input5/event5/dev
/sys/class/input/input6/event6/dev
/sys/class/input/input7/event7/dev
/sys/class/input/mice/dev
/sys/class/misc/cpu_dma_latency/dev
/sys/class/misc/device-mapper/dev
/sys/class/misc/fuse/dev
/sys/class/misc/hpet/dev
/sys/class/misc/kvm/dev
/sys/class/misc/mcelog/dev
/sys/class/misc/microcode/dev
/sys/class/misc/network_latency/dev
/sys/class/misc/network_throughput/dev
/sys/class/misc/psaux/dev
/sys/class/misc/snapshot/dev
/sys/class/rtc/rtc0/dev
/sys/class/scsi_generic/sg0/dev
/sys/class/scsi_generic/sg10/dev
/sys/class/scsi_generic/sg11/dev
/sys/class/scsi_generic/sg12/dev
/sys/class/scsi_generic/sg1/dev
/sys/class/scsi_generic/sg2/dev
/sys/class/scsi_generic/sg3/dev
/sys/class/scsi_generic/sg4/dev
/sys/class/scsi_generic/sg5/dev
/sys/class/scsi_generic/sg6/dev
/sys/class/scsi_generic/sg7/dev
/sys/class/scsi_generic/sg8/dev
/sys/class/scsi_generic/sg9/dev
/sys/class/sound/adsp2/dev
/sys/class/sound/adsp/dev
/sys/class/sound/audio2/dev
/sys/class/sound/audio3/dev
/sys/class/sound/audio/dev
/sys/class/sound/controlC0/dev
/sys/class/sound/controlC1/dev
/sys/class/sound/controlC2/dev
/sys/class/sound/controlC3/dev
/sys/class/sound/dsp2/dev
/sys/class/sound/dsp3/dev
/sys/class/sound/dsp/dev
/sys/class/sound/mixer1/dev
/sys/class/sound/mixer2/dev
/sys/class/sound/mixer3/dev
/sys/class/sound/mixer/dev
/sys/class/sound/pcmC0D0c/dev
/sys/class/sound/pcmC0D0p/dev
/sys/class/sound/pcmC0D1c/dev
/sys/class/sound/pcmC0D1p/dev
/sys/class/sound/pcmC0D2c/dev
/sys/class/sound/pcmC1D3p/dev
/sys/class/sound/pcmC2D0c/dev
/sys/class/sound/pcmC2D1c/dev
/sys/class/sound/pcmC3D0c/dev
/sys/class/sound/seq/dev
/sys/class/sound/sequencer2/dev
/sys/class/sound/sequencer/dev
/sys/class/sound/timer/dev
/sys/class/usb_device/usbdev10.1/dev
/sys/class/usb_device/usbdev11.1/dev
/sys/class/usb_device/usbdev1.1/dev
/sys/class/usb_device/usbdev2.1/dev
/sys/class/usb_device/usbdev3.10/dev
/sys/class/usb_device/usbdev3.1/dev
/sys/class/usb_device/usbdev3.2/dev
/sys/class/usb_device/usbdev3.3/dev
/sys/class/usb_device/usbdev3.4/dev
/sys/class/usb_device/usbdev3.5/dev
/sys/class/usb_device/usbdev3.6/dev
/sys/class/usb_device/usbdev3.7/dev
/sys/class/usb_device/usbdev3.8/dev
/sys/class/usb_device/usbdev3.9/dev
/sys/class/usb_device/usbdev4.1/dev
/sys/class/usb_device/usbdev5.1/dev
/sys/class/usb_device/usbdev6.1/dev
/sys/class/usb_device/usbdev7.1/dev
/sys/class/usb_device/usbdev8.1/dev
/sys/class/usb_device/usbdev9.1/dev
/sys/class/usb_endpoint/usbdev10.1_ep00/dev
/sys/class/usb_endpoint/usbdev10.1_ep81/dev
/sys/class/usb_endpoint/usbdev11.1_ep00/dev
/sys/class/usb_endpoint/usbdev11.1_ep81/dev
/sys/class/usb_endpoint/usbdev1.1_ep00/dev
/sys/class/usb_endpoint/usbdev1.1_ep81/dev
/sys/class/usb_endpoint/usbdev2.1_ep00/dev
/sys/class/usb_endpoint/usbdev2.1_ep81/dev
/sys/class/usb_endpoint/usbdev3.10_ep00/dev
/sys/class/usb_endpoint/usbdev3.10_ep02/dev
/sys/class/usb_endpoint/usbdev3.10_ep81/dev
/sys/class/usb_endpoint/usbdev3.1_ep00/dev
/sys/class/usb_endpoint/usbdev3.1_ep81/dev
/sys/class/usb_endpoint/usbdev3.2_ep00/dev
/sys/class/usb_endpoint/usbdev3.2_ep81/dev
/sys/class/usb_endpoint/usbdev3.3_ep00/dev
/sys/class/usb_endpoint/usbdev3.3_ep81/dev
/sys/class/usb_endpoint/usbdev3.4_ep00/dev
/sys/class/usb_endpoint/usbdev3.4_ep81/dev
/sys/class/usb_endpoint/usbdev3.5_ep00/dev
/sys/class/usb_endpoint/usbdev3.5_ep81/dev
/sys/class/usb_endpoint/usbdev3.5_ep82/dev
/sys/class/usb_endpoint/usbdev3.6_ep00/dev
/sys/class/usb_endpoint/usbdev3.6_ep02/dev
/sys/class/usb_endpoint/usbdev3.6_ep81/dev
/sys/class/usb_endpoint/usbdev3.6_ep83/dev
/sys/class/usb_endpoint/usbdev3.7_ep00/dev
/sys/class/usb_endpoint/usbdev3.7_ep81/dev
/sys/class/usb_endpoint/usbdev3.8_ep00/dev
/sys/class/usb_endpoint/usbdev3.8_ep81/dev
/sys/class/usb_endpoint/usbdev3.9_ep00/dev
/sys/class/usb_endpoint/usbdev3.9_ep01/dev
/sys/class/usb_endpoint/usbdev3.9_ep82/dev
/sys/class/usb_endpoint/usbdev4.1_ep00/dev
/sys/class/usb_endpoint/usbdev4.1_ep81/dev
/sys/class/usb_endpoint/usbdev5.1_ep00/dev
/sys/class/usb_endpoint/usbdev5.1_ep81/dev
/sys/class/usb_endpoint/usbdev6.1_ep00/dev
/sys/class/usb_endpoint/usbdev6.1_ep81/dev
/sys/class/usb_endpoint/usbdev7.1_ep00/dev
/sys/class/usb_endpoint/usbdev7.1_ep81/dev
/sys/class/usb_endpoint/usbdev8.1_ep00/dev
/sys/class/usb_endpoint/usbdev8.1_ep81/dev
/sys/class/usb_endpoint/usbdev9.1_ep00/dev
/sys/class/usb_endpoint/usbdev9.1_ep81/dev
/sys/class/video4linux/radio0/dev
/sys/class/video4linux/vbi0/dev
/sys/class/video4linux/video0/dev
/sys/class/video4linux/video1/dev
/sys/dev
/sys/devices/pci0000:00/0000:00:1a.0/usb4/dev
/sys/devices/pci0000:00/0000:00:1a.1/usb5/dev
/sys/devices/pci0000:00/0000:00:1a.2/usb6/dev
/sys/devices/pci0000:00/0000:00:1a.7/usb1/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb7/dev
/sys/devices/pci0000:00/0000:00:1d.1/usb8/dev
/sys/devices/pci0000:00/0000:00:1d.2/usb9/dev
/sys/devices/pci0000:00/0000:00:1d.7/usb2/dev
/sys/devices/pci0000:00/0000:00:1e.0/0000:05:02.0/usb10/dev
/sys/devices/pci0000:00/0000:00:1e.0/0000:05:02.1/usb11/dev
/sys/devices/pci0000:00/0000:00:1e.0/0000:05:02.2/usb3/3-1/3-1.1/dev
/sys/devices/pci0000:00/0000:00:1e.0/0000:05:02.2/usb3/3-1/3-1.4/dev
/sys/devices/pci0000:00/0000:00:1e.0/0000:05:02.2/usb3/3-1/dev
/sys/devices/pci0000:00/0000:00:1e.0/0000:05:02.2/usb3/3-2/3-2.1/dev
/sys/devices/pci0000:00/0000:00:1e.0/0000:05:02.2/usb3/3-2/3-2.2/dev
/sys/devices/pci0000:00/0000:00:1e.0/0000:05:02.2/usb3/3-2/dev
/sys/devices/pci0000:00/0000:00:1e.0/0000:05:02.2/usb3/3-4/3-4.1/dev
/sys/devices/pci0000:00/0000:00:1e.0/0000:05:02.2/usb3/3-4/3-4.2/dev
/sys/devices/pci0000:00/0000:00:1e.0/0000:05:02.2/usb3/3-4/dev
/sys/devices/pci0000:00/0000:00:1e.0/0000:05:02.2/usb3/dev
-- Kernel configuration:
isapnp_init not present.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-rc6-v2-v (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages udev depends on:
ii debconf [debconf-2.0] 1.5.26 Debian configuration management sy
ii libc6 2.9-4 GNU C Library: Shared libraries
ii libselinux1 2.0.71-1 SELinux shared libraries
ii libvolume-id1 0.141-1 libvolume_id shared library
ii lsb-base 3.2-22 Linux Standard Base 3.2 init scrip
udev recommends no packages.
udev suggests no packages.
-- debconf-show failed
More information about the Secure-testing-team
mailing list