Debian update for kernel-patch-vserver / util-vserver - Secunia Advisories - Vulnerability Intelligence

Debian update for kernel-patch-vserver / util-vserver
Secunia Advisory:	SA19339	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2006-03-22
Popularity:	5,838 views

Critical:	Less critical
Impact:	Security Bypass
Where:	Local system
Solution Status:	Vendor Patch

OS:	Debian GNU/Linux 3.1 Debian GNU/Linux unstable alias sid

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2005-4347 CVE-2005-4418

Description: Debian has issued updates for kernel-patch-vserver and util-vserver. This fixes two security issues, which can be exploited by malicious programs to bypass certain security restrictions. 1) The 2.4 kernel patch included in the kernel-patch-vserver package does not properly setup the chroot barrier when used with util-vserver. This may result in unauthorised escapes from a vserver to the host system. 2) The default policy of util-vserver is set to trust all unknown capabilities instead of considering them as insecure. For more information: SA19333 Solution: Apply updated packages. -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updat...rver/kernel-patch-vserver_1.9.5.5.dsc Size/MD5 checksum: 637 415731be72a9cd966e2fdb5d4f408c4a http://security.debian.org/pool/updat...r/kernel-patch-vserver_1.9.5.5.tar.gz Size/MD5 checksum: 950447 fe6b34612095d2fbdbaab5aefbd83264 http://security.debian.org/pool/updat...ver/util-vserver_0.30.204-5sarge3.dsc Size/MD5 checksum: 752 e32069a5ca2ef2bc87794cd6c2160821 http://security.debian.org/pool/updat...util-vserver_0.30.204-5sarge3.diff.gz Size/MD5 checksum: 115947 d0bb2cd998a73905189ee24b5f46dd0d http://security.debian.org/pool/updat...ver/util-vserver_0.30.204.orig.tar.gz Size/MD5 checksum: 677831 b315f375b1cef48da1b644dec18f22bd Architecture independent components: http://security.debian.org/pool/updat.../kernel-patch-vserver_1.9.5.5_all.deb Size/MD5 checksum: 436934 b50048ea819d150d660ed96e3988613b Alpha architecture: http://security.debian.org/pool/updat...il-vserver_0.30.204-5sarge3_alpha.deb Size/MD5 checksum: 600660 e52fe0ff93e4c9ca7d58fe8386ebab5a AMD64 architecture: http://security.debian.org/pool/updat...il-vserver_0.30.204-5sarge3_amd64.deb Size/MD5 checksum: 429530 c4155982844c085b7d9bc59d7eaa02c4 Intel IA-32 architecture: http://security.debian.org/pool/updat...til-vserver_0.30.204-5sarge3_i386.deb Size/MD5 checksum: 398794 56831faa6fa6d76c601fee78251f50eb Intel IA-64 architecture: http://security.debian.org/pool/updat...til-vserver_0.30.204-5sarge3_ia64.deb Size/MD5 checksum: 640332 ab2b2e4283ca5b62c9d9cf5776b6dadb Big endian MIPS architecture: http://security.debian.org/pool/updat...til-vserver_0.30.204-5sarge3_mips.deb Size/MD5 checksum: 612918 e4a60532f25ce776880261de79278e85 Little endian MIPS architecture: http://security.debian.org/pool/updat...l-vserver_0.30.204-5sarge3_mipsel.deb Size/MD5 checksum: 614152 f3aee29aad2682878f8ed22064f3fafa PowerPC architecture: http://security.debian.org/pool/updat...-vserver_0.30.204-5sarge3_powerpc.deb Size/MD5 checksum: 425444 9a7542249c2b70661abab2afd5270462 IBM S/390 architecture: http://security.debian.org/pool/updat...til-vserver_0.30.204-5sarge3_s390.deb Size/MD5 checksum: 440880 376560971a0d2db4bfd51beb67d42bff Sun Sparc architecture: http://security.debian.org/pool/updat...il-vserver_0.30.204-5sarge3_sparc.deb Size/MD5 checksum: 395640 51e24ac4754b1aa41277378ee9271a1f -- Debian GNU/Linux unstable alias sid -- Fixed in version 2.3 of kernel-patch-vserver and in version 0.30.208-1 of util-vserver. Provided and/or discovered by: The vendor credits Bjørn Steinbrink. Original Advisory: http://www.debian.org/security/2006/dsa-1011 Other References: SA19333: http://secunia.com/advisories/19333/

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

21st Nov, 2008

New advisories:	12
New vulnerabilities:	46
Updated advisories:	20

Highly // 1,219 views

Apple iPhone / iPod touch Multiple Vulnerabilities

Moderately // 707 views

vBulletin Visitor Messages Script Insertion Vulnerability

Less // 685 views

SemanticScuttle Cross-Site Scripting Vulnerabilities

Moderately // 684 views

Easyedit CMS Multiple SQL Injection Vulnerabilities

Highly // 673 views

Fedora update for thunderbird

Less // 717 views

IBM Workplace Web Content Management Cross-Site Scripting Vulnerabilities

Highly // 985 views

BitDefender Antivirus PDF Processing Memory Corruption Vulnerability

Moderately // 724 views

xt:Commerce SQL Injection Vulnerability

Less // 666 views

Softbiz Classifieds Script "msg" Cross-Site Scripting Vulnerability

Not // 908 views

Checkpoint VPN-1 Information Disclosure Vulnerability

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.