===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2014.0610
super security update
29 April 2014
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           super
Publisher:         Debian
Operating System:  Debian GNU/Linux 6
                   Debian GNU/Linux 7
Impact/Access:     Root Compromise -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-0470

Original Bulletin:
   http://www.debian.org/security/2014/dsa-2917

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-2917-1
security@debian.org
http://www.debian.org/security/
Florian Weimer
April 28, 2014
http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : super
CVE ID         : CVE-2014-0470

John Lightsey of the Debian Security Audit project discovered that the
super package did not check for setuid failures, allowing local users
to increase the privileges on kernel versions which do not guard
against RLIMIT_NPROC attacks.

For the oldstable distribution (squeeze), this problem has been fixed in
version 3.30.0-3+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in
version 3.30.0-6+deb7u1.

We recommend that you upgrade your super packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
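
The class of bug named in the advisory (a privilege drop whose setuid result is never checked), shown beside its checked form. This is an added example, not code from super or from the advisory: all function names are hypothetical, and the setuid failure is simulated by a constructed stand-in rather than triggered.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

typedef int (*setuid_fn)(uid_t);   /* same signature as setuid(2) */

/* Constructed stand-in: setuid() failing with EAGAIN, as on kernels that
 * enforce the target user's RLIMIT_NPROC inside setuid(). */
int fake_setuid_eagain(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }

/* Constructed stand-in: a call that reports success (changes nothing). */
int fake_setuid_ok(uid_t uid) { (void)uid; return 0; }

/* Vulnerable pattern: result discarded, so the caller always goes on to
 * run the command, even when the process still holds its old uid. */
int may_exec_unchecked(setuid_fn do_setuid, uid_t target) {
    do_setuid(target);
    return 1;                       /* 1 = proceed to exec */
}

/* Hardened pattern: any failure means the command must not be run. */
int may_exec_checked(setuid_fn do_setuid, uid_t target) {
    return do_setuid(target) == 0;  /* 0 = abort */
}

/* The same check with the real calls: group first, then user, then confirm
 * the ids really changed. Assumes supplementary groups were already cleared.
 * Returns 0 on success, -1 if the caller must exit without running anything. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(void) {
    printf("unchecked, setuid fails: exec=%d\n",
           may_exec_unchecked(fake_setuid_eagain, 1000));
    printf("checked,   setuid fails: exec=%d\n",
           may_exec_checked(fake_setuid_eagain, 1000));
    printf("drop to current ids: %d\n", drop_privileges(getuid(), getgid()));
    return 0;
}
```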