FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 09-21-2010, 04:13 AM
~Stack~
 
Default Question about CVE-2010-3081

Hey guys,
I am running the 64bit version of Squeeze. I am sure you guys have heard
about the issues surrounding CVE-2010-3081 as it has made all kinds of
news this past weekend. I have done some reading on it and while I am
not paranoid enough to yank the connection from the wall, I must admit
that with almost every one of my tech news sources freaking out about it
these past few days I am being tempted by all the fear-mongering media
outlets...

When I first saw the Debian advisory[1] I just brushed it off and
thought nothing of it. It seemed to have already been patched so I would
simply update the next time I saw that there was a kernel update.
However, the tracker[2] is still showing it to be vulnerable in Squeeze.

[1] http://www.debian.org/security/2010/dsa-2110
[2] http://security-tracker.debian.org/tracker/CVE-2010-3081

Ksplice seems to be toting a patch as well as a scanner[3], but one look
at the scanner code and I am not entirely sure I want to run it. Any
code this obfuscated gives me the creeps. I have to side with /. on this
one[4]. I checked around and was unable to find anything about
chkrootkit being able to detect this one yet.

[3] https://www.ksplice.com/uptrack/cve-2010-3081.ssi.xhtml
[4] http://linux.slashdot.org/comments.pl?sid=1792608&cid=33632118

I thought I would check in with the list before I go too crazy. Anyone
know when the patch is going to be pushed out to Squeeze? Anyone know
when/if there will be a vulnerability scanner for this that doesn't look
so scary? Have I missed something that makes all this pointless? :-P

Thanks!
~Stack~
 
Old 09-21-2010, 07:22 AM
Tixy
 
Default Question about CVE-2010-3081

On Mon, 2010-09-20 at 23:13 -0500, ~Stack~ wrote:
<snip>
> Anyone know when the patch is going to be pushed out to Squeeze?

Today by the looks of it, see
http://packages.qa.debian.org/l/linux-2.6.html

If you're really worried, you could install it from the unstable
repository rather than waiting for it to migrate to Squeeze.


--
Tixy () The ASCII Ribbon Campaign (www.asciiribbon.org)
/ Against HTML e-mail and proprietary attachments


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1285053735.2244.6.camel@computer2.home">http://lists.debian.org/1285053735.2244.6.camel@computer2.home
 
Old 09-21-2010, 07:52 AM
Camaleón
 
Default Question about CVE-2010-3081

On Mon, 20 Sep 2010 23:13:37 -0500, ~Stack~ wrote:

(...)

> When I first saw the Debian advisory[1] I just brushed it off and
> thought nothing of it. It seemed to have already been patched so I would
> simply update the next time I saw that there was a kernel update.
> However, the tracker[2] is still showing it to be vulnerable in Squeeze.

As per this source:

***
http://secure-testing-master.debian.net/

Limitations

For several reasons, the security support for testing cannot be expected
to be of the same quality as for Debian's stable branch:

* Updates for testing-security usually receive less testing than updates
for stable-security.
* Testing is changing all the time which increases the likelihood of
problems with the build infrastructure. Such problems can delay security
updates in testing.
***

I'm afraid we'll have to wait a bit.

It should be underway, though, as seems already fixed in unstable.

http://security-tracker.debian.org/tracker/status/release/testing?show_high_urgency=1

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: pan.2010.09.21.07.52.31@gmail.com">http://lists.debian.org/pan.2010.09.21.07.52.31@gmail.com
 

Thread Tools




All times are GMT. The time now is 10:14 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org