Debian Security Advisory

DSA-1772-1 udev -- several vulnerabilities

Date Reported:
16 April 2009
Affected Packages:
udev
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2009-1185, CVE-2009-1186.
More information:

Sebastian Kramer discovered two vulnerabilities in udev, the /dev and hotplug management daemon.

  • CVE-2009-1185

    udev does not check the origin of NETLINK messages, allowing local users to gain superuser privileges.

  • CVE-2009-1186

    udev suffers from a buffer overflow condition in path encoding, potentially allowing arbitrary code execution.

For the old stable distribution (Etch), these problems have been fixed in version 0.105-4etch1.

For the stable distribution (Lenny), these problems have been fixed in version 0.125-7+lenny1.

For the unstable distribution (Sid), these problems will be fixed soon.

We recommend that you upgrade your udev package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1.diff.gz
http://security.debian.org/pool/updates/main/u/udev/udev_0.105.orig.tar.gz
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1.dsc
Alpha:
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_alpha.udeb
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_alpha.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_alpha.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_amd64.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_amd64.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_amd64.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_amd64.udeb
ARM:
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_arm.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_arm.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_arm.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_arm.udeb
HP Precision:
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_hppa.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_hppa.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_hppa.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_i386.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_i386.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_i386.deb
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_ia64.deb
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_ia64.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_ia64.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_ia64.udeb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_mips.deb
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_mips.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_mips.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_mipsel.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_mipsel.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_mipsel.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_powerpc.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_powerpc.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_powerpc.deb
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_s390.deb
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_s390.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_s390.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_sparc.udeb
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_sparc.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_sparc.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_sparc.deb

Debian GNU/Linux 5.0 (lenny)

Source:
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1.diff.gz
http://security.debian.org/pool/updates/main/u/udev/udev_0.125.orig.tar.gz
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1.dsc
Alpha:
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_alpha.udeb
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_amd64.udeb
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_arm.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_arm.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_arm.deb
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_armel.deb
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_armel.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_armel.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_hppa.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_i386.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_i386.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_i386.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_ia64.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_mips.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_mips.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_mips.deb
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_mipsel.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_powerpc.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_s390.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_s390.udeb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_s390.deb
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_sparc.udeb

MD5 checksums of the listed files are available in the original advisory.