ID

VAR-200904-0291

CVE

CVE-2009-1185

TITLE

udev Elevation of privilege vulnerability

DESCRIPTION

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system. Versions prior to udev 141 are vulnerable. Its main function is to manage device nodes in the /dev directory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2009-0009 Synopsis: ESX Service Console updates for udev, sudo, and curl Issue date: 2009-07-10 Updated on: 2009-07-10 (initial release of advisory) CVE numbers: CVE-2009-1185 CVE-2009-0034 CVE-2009-0037 - ----------------------------------------------------------------------- 1. Summary Update for Service Console packages udev,sudo, and curl 2. Relevant releases VMware ESX 4.0.0 without bulletin ESX400-200906411-SG, ESX400-200906406-SG, ESX400-200906407-SG. 3. Problem Description a. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1185 to this issue. Please see http://kb.vmware.com/kb/1011786 for details. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-200906411-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected * hosted products are VMware Workstation, Player, ACE, Server, Fusion. b. Service Console package sudo Service Console package for sudo has been updated to version sudo-1.6.9p17-3. This fixes the following issue: Sudo versions 1.6.9p17 through 1.6.9p19 do not properly interpret a system group in the sudoers file during authorization decisions for a user who belongs to that group, which might allow local users to leverage an applicable sudoers file and gain root privileges by using a sudo command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0034 to this issue. Please see http://kb.vmware.com/kb/1011781 for more details The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-200906411-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected * hosted products are VMware Workstation, Player, ACE, Server, Fusion. c. Service Console package curl Service Console package for curl has been updated to version curl-7.15.5-2.1. This fixes the following issue: The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to trigger arbitrary requests to intranet servers, read or overwrite arbitrary files by using a redirect to a file: URL, or execute arbitrary commands by using a redirect to an scp: URL. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0037 to this issue. Please see http://kb.vmware.com/kb/1011782 for details The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-200906407-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected * hosted products are VMware Workstation, Player, ACE, Server, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESX 4.0 ------- ESX400-200906001 http://tinyurl.com/ncfu5s md5sum:cab549922f3429b236633c0e81351cde sha1sum:aff76554ec5ee3c915eb4eac02e62c131163059a Note: ESX400-200906001 contains the following security fixes ESX400-200906411-SG, ESX400-200906406-SG, ESX400-200906405-SG, ESX400-200906407-SG. To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle ESX400-200906001.zip -b ESX400-200906411-SG \ -b ESX400-200906406-SG -b ESX400-200906405-SG -b \ ESX400-200906407-SG update 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037 - ------------------------------------------------------------------------- 6. Change log 2009-07-10 VMSA-2009-0008 Initial security advisory after release of bulletins for ESX 4.0 on 2009-07-10. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFKV9esS2KysvBH1xkRAn2bAJ91HvmEkAxVpRxehax8rGzBd+ufcwCeIhk8 zk/ROHHbZJmWN44MlbMIx/8= =fQaI -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200904-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: udev: Multiple vulnerabilities Date: April 18, 2009 Bugs: #266290 ID: 200904-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Two errors in udev allow for a local root compromise and a Denial of Service. Background ========== udev is the device manager used in the Linux 2.6 kernel series. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-fs/udev < 124-r2 >= 124-r2 Description =========== Sebastian Krahmer of SUSE discovered the following two vulnerabilities: * udev does not verify the origin of NETLINK messages properly (CVE-2009-1185). * A buffer overflow exists in the util_path_encode() function in lib/libudev-util.c (CVE-2009-1186). Workaround ========== There is no known workaround at this time. Resolution ========== All udev users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/udev-124-r2" References ========== [ 1 ] CVE-2009-1185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 [ 2 ] CVE-2009-1186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200904-18.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . The updated packages have been patched to prevent this. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 8268a6d9b8b782f008c6bad08081aa1f 2008.0/i586/libvolume_id0-114-7.1mdv2008.0.i586.rpm f25010279ad483a4bd1df3300be1eff5 2008.0/i586/libvolume_id0-devel-114-7.1mdv2008.0.i586.rpm 527afa06fad5b28de6ba60c12c5cc685 2008.0/i586/udev-114-7.1mdv2008.0.i586.rpm b472ccee86044dba507029b63385e306 2008.0/i586/udev-doc-114-7.1mdv2008.0.i586.rpm 33a3aeb9701b9a90b776b08595055f05 2008.0/i586/udev-tools-114-7.1mdv2008.0.i586.rpm b6057c15bb22b381d07ee45a6bc81974 2008.0/SRPMS/udev-114-7.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 8e05d00d129d11f2442390ec7dd4174c 2008.0/x86_64/lib64volume_id0-114-7.1mdv2008.0.x86_64.rpm 2718c04a037f773bca23b010265071ce 2008.0/x86_64/lib64volume_id0-devel-114-7.1mdv2008.0.x86_64.rpm 6756f2bb0dad6dee8188e5dccc1f92cb 2008.0/x86_64/udev-114-7.1mdv2008.0.x86_64.rpm b65a69fde92e29d6affa25d32e881dff 2008.0/x86_64/udev-doc-114-7.1mdv2008.0.x86_64.rpm bf39012f0e457b61fd203711625d78dc 2008.0/x86_64/udev-tools-114-7.1mdv2008.0.x86_64.rpm b6057c15bb22b381d07ee45a6bc81974 2008.0/SRPMS/udev-114-7.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLF8RvmqjQ0CJFipgRAp5ZAJ0YBHRyssp4RsoVDk8awKDSM9mnhACgqeEn aP7lY4N3P6dafT+v4TzBfgE= =S27a -----END PGP SIGNATURE----- . CVE-2009-1186 udev suffers from a buffer overflow condition in path encoding, potentially allowing arbitrary code execution. For the old stable distribution (etch), these problems have been fixed in version 0.105-4etch1. For the stable distribution (lenny), these problems have been fixed in version 0.125-7+lenny1. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your udev package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1.diff.gz Size/MD5 checksum: 65496 c004ab727c31c58012eb518ea1293c06 http://security.debian.org/pool/updates/main/u/udev/udev_0.105.orig.tar.gz Size/MD5 checksum: 188150 9d58389d5ef915c49681cae4fba3cd60 http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1.dsc Size/MD5 checksum: 653 11e4e0cb9bc8cb2f93890e80e9314a7b alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_alpha.udeb Size/MD5 checksum: 133696 82ebf80715efaa545bb98fa92b5c6e30 http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_alpha.deb Size/MD5 checksum: 293006 6e1ff1cf34638ebe01d6a7cc3771eef9 http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_alpha.deb Size/MD5 checksum: 25892 17fc41c4605c256b933cefcda3c21a48 http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_alpha.deb Size/MD5 checksum: 67762 335db6bf028839d64d656b3b243d3e23 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_amd64.deb Size/MD5 checksum: 277954 4daf7f67c7ddb2bea7906c3a2e5f4450 http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_amd64.deb Size/MD5 checksum: 17570 abb465d39529deff8a8a44e6e3511e92 http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_amd64.deb Size/MD5 checksum: 64016 1fa7e638e153131fae0794bdfa29f10e http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_amd64.udeb Size/MD5 checksum: 118680 18f17e7030d7ec1c8445e8b2e5420150 arm architecture (ARM) http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_arm.deb Size/MD5 checksum: 266724 8cb242b97c43b91065a51ad06e341c26 http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_arm.deb Size/MD5 checksum: 65394 053e04d02f57089c52ee9ed2dedd1824 http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_arm.deb Size/MD5 checksum: 18146 06aaf0730d2822b9efc3658d9c6aad6f http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_arm.udeb Size/MD5 checksum: 108792 d1d15e13b7acaf80449d70a46474d5cc hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_hppa.deb Size/MD5 checksum: 284024 5a95e42a4bc958ea800d0ad2fc7137f7 http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_hppa.deb Size/MD5 checksum: 69216 1fa0f6be4314a15c272008889ad5cdd3 http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_hppa.udeb Size/MD5 checksum: 123292 9423477a619848bc5b897c183578eedf http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_hppa.deb Size/MD5 checksum: 22822 2e425348f052eb7227af5b4162d87886 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_i386.deb Size/MD5 checksum: 62672 1fb6a5c71a746c54d2d153f82d156622 http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_i386.udeb Size/MD5 checksum: 104858 6755b7f2be45c09dcfbeba11b71fb2b4 http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_i386.deb Size/MD5 checksum: 15596 42d679cf1bf5708e12f2ebe0928d0f17 http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_i386.deb Size/MD5 checksum: 263502 c771e199202b3a30191e562591b2a5f1 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_ia64.deb Size/MD5 checksum: 71234 db3642925a8d81f1d63fa5a194be85ca http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_ia64.deb Size/MD5 checksum: 348482 03798072d8288f3e6080f6a32178a55a http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_ia64.deb Size/MD5 checksum: 26664 f1eeb303578e5d42c46d1d50bedc3427 http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_ia64.udeb Size/MD5 checksum: 178622 1681eaf7e11447c584d199eca57c7829 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_mips.deb Size/MD5 checksum: 21846 c154d642eeaec8a4ff465d0dd7854d6f http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_mips.deb Size/MD5 checksum: 278706 c612857d27e034d3979476512798bb43 http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_mips.udeb Size/MD5 checksum: 123368 547c1b25665f105ca681dbb1efe1841d http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_mips.deb Size/MD5 checksum: 65332 0a7201607ea9d769cbd09ebc96905500 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_mipsel.deb Size/MD5 checksum: 279278 6a3d796f15b65b8b61a991cd2631ef69 http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_mipsel.deb Size/MD5 checksum: 65140 e5d91868a42e3a0c36eb30f512376db1 http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_mipsel.udeb Size/MD5 checksum: 123416 b97a524a2ea9289b38467dd03d5213db http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_mipsel.deb Size/MD5 checksum: 21560 672e1b4ffc6da2e7d8c6ffdbfebd5b51 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_powerpc.udeb Size/MD5 checksum: 109412 149ab68cffb0272aadbd758c45f640fc http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_powerpc.deb Size/MD5 checksum: 18832 d37c3f79c808b6b775e9b5e82c265cdc http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_powerpc.deb Size/MD5 checksum: 65400 e1030bc12fcca0cf4ca2f4000a9d732e http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_powerpc.deb Size/MD5 checksum: 283004 083d7593e935231bfbc1868d54be6899 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_s390.deb Size/MD5 checksum: 66024 63704d890de325cce6d3ab739bfcc5df http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_s390.deb Size/MD5 checksum: 280362 68985aade59854bea6933ba6b9825152 http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_s390.udeb Size/MD5 checksum: 119284 b89e7a4ae300862b138c65d1a65f5861 http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_s390.deb Size/MD5 checksum: 19968 8176690f76660c6dfdbb9d0a0ad1c85b sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_sparc.udeb Size/MD5 checksum: 108102 09f683e56ddcf705f6b0f1ff1465299a http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_sparc.deb Size/MD5 checksum: 261794 0c02b3cc77b22cc7ec88c424bc5342ab http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_sparc.deb Size/MD5 checksum: 66058 44da6bfe900da48fd4ac0b367846c23b http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_sparc.deb Size/MD5 checksum: 18924 2871710daab3972cda3485866c1ff0f7 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1.diff.gz Size/MD5 checksum: 63221 1cdb4f78dc7cf5c5702fa69e3f528724 http://security.debian.org/pool/updates/main/u/udev/udev_0.125.orig.tar.gz Size/MD5 checksum: 254564 be98e04cefdd9ca76b8fe7e92735ce29 http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1.dsc Size/MD5 checksum: 1031 3c1c71e9321ee24dcbb4237bda82ecf8 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_alpha.deb Size/MD5 checksum: 81916 0d0d955ef294f83409f7729287911834 http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_alpha.udeb Size/MD5 checksum: 148990 83667ad6d0c6d0c43ddd851d139f1fd6 http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_alpha.deb Size/MD5 checksum: 281758 61570a51644b3470c4ca8306f6531d2f http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_alpha.deb Size/MD5 checksum: 2436 82668adc7df4b743eff35e1c353f5101 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_amd64.udeb Size/MD5 checksum: 128220 6951de1f9f2a952c718c6322d4cc041c http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_amd64.deb Size/MD5 checksum: 266322 d25ceb9d564f9ff30cc841432588d11a http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_amd64.deb Size/MD5 checksum: 2426 c04b51779d612328c0e63048ae9112e2 http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_amd64.deb Size/MD5 checksum: 77548 68d9da089db647fed48a5e2e126109a0 arm architecture (ARM) http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_arm.deb Size/MD5 checksum: 79020 8990da78870b19da2123a246308b9f42 http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_arm.udeb Size/MD5 checksum: 123542 64e28579a5dd7f20902b4683c1c2d717 http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_arm.deb Size/MD5 checksum: 2438 6749f4622bebfb95248e522d031ac012 http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_arm.deb Size/MD5 checksum: 257106 80d322c9d53711a0fee58af3d027e32d armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_armel.deb Size/MD5 checksum: 2440 27ff9848ed16db7e8c5ca75f0a022403 http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_armel.deb Size/MD5 checksum: 258074 fce468ead3db83d21356f1da16e50e9d http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_armel.udeb Size/MD5 checksum: 124506 2eb7a09d5ee3b5c308ac221851fc1573 http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_armel.deb Size/MD5 checksum: 79228 2c16ecd4418d9fcd3f6dadf85fab95bb hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_hppa.deb Size/MD5 checksum: 84240 5f32416e51f5ee674c8331429bcd71ad http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_hppa.deb Size/MD5 checksum: 274388 9464fdcd2dac50388cf23d2e891fa903 http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_hppa.udeb Size/MD5 checksum: 142578 18523c4afa6e272ed8449dc433bb68ce http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_hppa.deb Size/MD5 checksum: 2438 187adc54d95719c8bf2a20c73b9b820a i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_i386.deb Size/MD5 checksum: 253168 9667472701f5f78e75f944afe4e18a1f http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_i386.deb Size/MD5 checksum: 76280 c9f04437d9c090e54fdfaf4c08b04273 http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_i386.udeb Size/MD5 checksum: 115724 05843396641d6e8eed4d417020969f23 http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_i386.deb Size/MD5 checksum: 2426 ea4c748d93da3e0ffd9c070461fb9ea4 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_ia64.deb Size/MD5 checksum: 85644 2594d69577d4d309f6be2878524641f2 http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_ia64.udeb Size/MD5 checksum: 190230 a682ed3c0b26b059740b37ac0976bd93 http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_ia64.deb Size/MD5 checksum: 2432 0c4b9c1716892330ff482e8a8cb2f12d http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_ia64.deb Size/MD5 checksum: 324656 efa495e7fc30164bb91958f81a5f0e02 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_mips.udeb Size/MD5 checksum: 135612 f596cc4d41bf41fa78d25deae191df8a http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_mips.deb Size/MD5 checksum: 2436 ef6056a525dd10b577dcf3ac162cad18 http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_mips.deb Size/MD5 checksum: 78790 50b801e86b6a29fedac17aa4012cc222 http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_mips.deb Size/MD5 checksum: 270716 15cea80dfc523e1ffadcf609293be4d6 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_mipsel.deb Size/MD5 checksum: 2438 51d32dfc43f95c2579e989d332c6837e http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_mipsel.udeb Size/MD5 checksum: 135566 8a7d0840ba79647dad206aeea62dbc4e http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_mipsel.deb Size/MD5 checksum: 78640 e7197dd434ba99f4bef46f7176b458f1 http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_mipsel.deb Size/MD5 checksum: 270760 53926589b10466163d5ea90008de5b8c powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_powerpc.deb Size/MD5 checksum: 272424 7a9d2807d73e0da05171d50882bb2b44 http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_powerpc.udeb Size/MD5 checksum: 129696 4e24c200eaf8b615603cc7319b449f30 http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_powerpc.deb Size/MD5 checksum: 2442 a0d04b0bf5d8278796d276568940084e http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_powerpc.deb Size/MD5 checksum: 79194 bb40fe52920ee2bfc65f1243ced8268f s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_s390.deb Size/MD5 checksum: 79448 d17034c5d4f29b21f9f6affcc8c31cf3 http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_s390.udeb Size/MD5 checksum: 133264 e34bae7a1639cccb63814f96a014cd37 http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_s390.deb Size/MD5 checksum: 2428 d88d5d9eedc3c5d1bfb2f441d948f9ef http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_s390.deb Size/MD5 checksum: 271886 9eaba049c1bbdf7903fbe52efd296f5b sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_sparc.deb Size/MD5 checksum: 259536 409b46996745484d7514739cfb4cca6e http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_sparc.deb Size/MD5 checksum: 79640 2cc666f27b22a986c6ef5677509e13ad http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_sparc.deb Size/MD5 checksum: 2436 3c928f720d5a3cd021b633f8070ddfd6 http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_sparc.udeb Size/MD5 checksum: 124598 a93970f05ff0c1a9b670e5dd3bacdad8 These files will probably be moved into the stable distribution on its next update

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

access control error

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Sebastian Krahmer krahmer@suse.de

SOURCES

LAST UPDATE DATE

2025-01-14T19:45:42.994000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE