Last Wednesday it was discovered that
gluck.debian.org had been compromised. Several Debian services, hosted on
gluck, were unavailable while that machine was taken offline for
examination and reinstall. Other debian.org machines were also locked down
until the vulnerability could be found and fixed.
Gluck and other machines were restored to
service by the following day. A local root vulnerability in the
Linux kernel was used to gain root
access through a compromised developer account.
This issue exists in Linux kernels from 2.6.13 and up to 184.108.40.206, or in
2.6.16 up to 220.127.116.11. Debian Sarge uses Linux kernel 2.6.8 and is not