Debian Security Advisory
kernel -- bug in capabilities handling allows root exploits
- Date Reported: 12 Jun 2000
- Affected Packages: kernel-image, kernel-source
- Security database references: No other external database security references currently available.
- More information:
There is a widely-reported problem with the handling of POSIX capabilities
in the Linux kernel that can lead to root compromise in setuid applications.
This bug does not affect kernels in the 2.0 or earlier series; the
2.0 kernels installed by default in Debian GNU/Linux 2.1 (slink) are
not vulnerable. If you are running a kernel with a version of
2.1.*, 2.2.*, or 2.3.*, you should upgrade immediately.
The Debian kernel source package currently in potato, kernel-source-2.2.15-3, and binaries built from it, such as kernel-image-2.2.15-2 (or more recent versions), are patched to prevent this vulnerability. If you prefer to download kernel source from a mirror of ftp.kernel.org instead of using the Debian package, you should download 2.2.16 or better.
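The version ranges above can be checked against a kernel release string. The shell function below is an added example, not part of the Debian advisory; the result labels are this example's own, and it inspects only the release string, so a 2.2.15 result still requires checking the installed package revision.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the version ranges
# stated in this advisory. The result labels are this example's own.
classify_kernel() {
    rel=$1
    base=${rel%%[!0-9.]*}      # keep leading x.y.z, drop suffixes like "-pre9"
    old_ifs=$IFS; IFS=.
    set -- $base               # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=$1 minor=$2 patch=${3:-0}
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unparsed; return 0 ;; esac
    done
    # 2.0 and earlier series are not affected; later series are not discussed.
    if [ "$major" -lt 2 ]; then echo not-affected; return 0; fi
    if [ "$major" -gt 2 ]; then echo out-of-scope; return 0; fi
    case $minor in
        0)   echo not-affected ;;
        1|3) echo affected ;;
        2)
            if [ "$patch" -ge 16 ]; then
                echo fixed           # kernel.org 2.2.16 or better
            elif [ "$patch" -eq 15 ]; then
                # Debian's kernel-source-2.2.15-3 / kernel-image-2.2.15-2 (or
                # more recent) are patched, but the release string cannot show
                # the package revision: verify it with the package manager.
                echo check-package
            else
                echo affected
            fi ;;
        *)   echo out-of-scope ;;
    esac
}

# Constructed sample release strings, followed by the running kernel.
for r in 2.0.36 2.2.14 2.2.15 2.2.16 2.3.99-pre9 "$(uname -r)"; do
    printf '%-14s %s\n' "$r" "$(classify_kernel "$r")"
done
```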