LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

rPath alert rPSA-2009-0084-1 (kernel)



From:
    	      rPath Update Announcements <announce-noreply@rpath.com> 


To:
    	      product-announce@lists.rpath.com, security-announce@lists.rpath.com,
        update-announce@lists.rpath.com, product-announce@lists.rpath.com 


Subject:
    	      rPSA-2009-0084-1 kernel 


Date:
    	      Fri, 15 May 2009 22:39:42 -0400


Message-ID:
    	      <4a0e276e.mOi90QgHieLvGJn7%announce-noreply@rpath.com>


Cc:
    	      full-disclosure@lists.grok.org.uk, vulnwatch@vulnwatch.org,
        bugtraq@securityfocus.com, lwn@lwn.net


rPath Security Advisory: 2009-0084-1
Published: 2009-05-15
Products:
    rPath Appliance Platform Linux Service 1
    rPath Appliance Platform Linux Service 2
    rPath Linux 2

Rating: Critical
Exposure Level Classification:
    Local Root Deterministic Privilege Escalation
Updated Versions:
    kernel=conary.rpath.com@rpl:2/2.6.29.3-0.1-1
    kernel=rap.rpath.com@rpath:linux-1/2.6.29.3-1-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2973
    https://issues.rpath.com/browse/RPL-3012
    https://issues.rpath.com/browse/RPL-3022

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1527
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1338
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1242
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337

Description:
    Previous versions of the kernel are subject to multiple vulnerabilities.
    The most serious allows a local non-privileged user to gain unrestricted
    root access.
    
    This update adds support for significant additional hardware.
    
    This update requires a system reboot to implement the fixes.

http://wiki.rpath.com/Advisories:rPSA-2009-0084

Copyright 2009 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds