-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0610
                           super security update
                               29 April 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           super
Publisher:         Debian
Operating System:  Debian GNU/Linux 6
                   Debian GNU/Linux 7
Impact/Access:     Root Compromise -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-0470  

Original Bulletin: 
   http://www.debian.org/security/2014/dsa-2917

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2917-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
April 28, 2014                         http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : super
CVE ID         : CVE-2014-0470

John Lightsey of the Debian Security Audit project discovered that the
super package did not check for setuid failures, allowing local users
to increase the privileges on kernel versions which do not guard
against RLIMIT_NPROC attacks.

For the oldstable distribution (squeeze), this problem has been fixed in
version 3.30.0-3+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in
version 3.30.0-6+deb7u1.

We recommend that you upgrade your super packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------
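
The bug class the advisory describes, shown as an added example in C (not code from super or from the advisory): an unchecked setuid() call next to a fail-closed version. The names setuid_fn, failing_setuid, drop_unchecked and drop_checked are hypothetical, and the failure is simulated with the EAGAIN error that setuid(2) documents for an exceeded RLIMIT_NPROC.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hook so the failure can be simulated without root. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stand-in for setuid() failing with EAGAIN, the error
 * setuid(2) documents for an exceeded RLIMIT_NPROC. */
static int failing_setuid(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }

/* Bug class from the advisory: the return value is ignored, so the caller
 * goes on to run the command with whatever privileges it still holds.
 * Returns 1 when execution would proceed. */
static int drop_unchecked(setuid_fn do_setuid, uid_t target) {
    do_setuid(target);            /* failure silently ignored */
    return 1;
}

/* Hardened form: fail closed on error, then verify the IDs really changed.
 * Returns 1 when it is safe to proceed, 0 when the caller must abort. */
static int drop_checked(setuid_fn do_setuid, uid_t target) {
    if (do_setuid(target) != 0) {
        fprintf(stderr, "setuid(%ld) failed, errno %d\n", (long)target, errno);
        return 0;
    }
    if (getuid() != target || geteuid() != target)
        return 0;                 /* call returned 0 but IDs did not change */
    if (target != 0 && setuid(0) == 0)
        return 0;                 /* root could be regained: drop incomplete */
    return 1;
}

int main(void) {
    /* 1000 is a constructed sample UID; the last call uses the real setuid(). */
    printf("unchecked, setuid fails: proceed=%d\n", drop_unchecked(failing_setuid, 1000));
    printf("checked,   setuid fails: proceed=%d\n", drop_checked(failing_setuid, 1000));
    printf("checked,   setuid works: proceed=%d\n", drop_checked(setuid, getuid()));
    return 0;
}
```
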

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================