Debian Security Advisory: New version of modutils releasedNov 22, 2000, 21:27 (0 Talkback[s])
(Other stories by Martin Schulze)
Date: Wed, 22 Nov 2000 22:07:02 +0100
Debian Security Advisory firstname.lastname@example.org http://www.debian.org/security/ Martin Schulze November 22, 2000
Package : modutils Problem type : local buffer overflow Debian-specific: noSebastian Krahmer raised an issue in modutils. In an ideal world modprobe should trust the kernel to only pass valid parameters to modprobe. However he has found at least one local root exploit because high level kernel code passed unverified parameters direct from the user to modprobe. So modprobe no longer trusts kernel input and switches to a safemode.
This problem has been fixed in version 2.3.11-13.1 and we recommend that you upgrade your modutils packages immediately.
This problem does not exist in the big elvis package.
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.Debian GNU/Linux 2.1 alias slink
Slink is no longer being supported by the Debian Security Team. We highly recommend an upgrade to the current stable release.
Debian GNU/Linux 2.2 alias potato
Potato was released for the Alpha, ARM, Intel ia32, Motorola 680x0, PowerPC and Sun Sparc architectures. Fixes are available for all of them and will be included in 2.2r2.
Intel ia32 architecture:
Motorola 680x0 architecture:
Sun Sparc architecture:
These files will be moved into
Debian GNU/Linux Unstable alias woody
This version of Debian is not yet released.
Fixes will be made available for Alpha, ARM, Intel ia32, Motorola 680x0, PowerPC, and Sun Sparc in the Debian archive over the next several days.
For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
apt-get: deb http://security.debian.org/