Debian Security Advisory

kernel -- bug in capabilities handling allows root exploits

Date Reported: 12 Jun 2000
Affected Packages: kernel-image, kernel-source
Vulnerable: No
Security database references: No other external database security references currently available.
More information:
There is a widely-reported problem with the handling of POSIX capabilities in the Linux kernel that can lead to root compromise in setuid applications. This bug does not affect kernels in the 2.0 or earlier series; the 2.0 kernels installed by default in Debian GNU/Linux 2.1 (slink) are not vulnerable. If you are running a kernel with a version of 2.1.*, 2.2.*, or 2.3.*, you should upgrade immediately.

The Debian kernel source package currently in potato, kernel-source-2.2.15-3, and binaries built from it, such as kernel-image-2.2.15-2 (or more recent versions), are patched to prevent this vulnerability. If you prefer to download kernel source from a mirror of ftp.kernel.org instead of using the Debian package, you should download 2.2.16 or better.
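
As an added example (not part of the advisory), this shell function sorts a kernel release string, such as the output of `uname -r`, into the categories described above. The function name and result labels are hypothetical: `check-package` marks a 2.2.15 kernel whose Debian package revision still has to be compared with the patched ones named above, and `not-covered` marks series the advisory does not mention.

```shell
#!/bin/sh
# Added example, not part of the advisory. classify_kernel and its result
# strings are hypothetical names; the version ranges come from the text above.
classify_kernel() {
    rel=$1
    case $rel in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%[!0-9]*}
    case $major in *[!0-9]*) echo unknown; return 0 ;; esac
    [ -n "$minor" ] || { echo unknown; return 0; }
    # Patch level is optional ("2.0"); suffixes such as "-3" are dropped.
    patch=0 pre=0
    case $rest in
        "$minor".[0-9]*)
            rest=${rest#*.}
            patch=${rest%%[!0-9]*}
            # "2.2.16pre1" precedes 2.2.16, so it must not count as fixed.
            case $rest in "$patch"pre*) pre=1 ;; esac ;;
    esac
    if [ "$major" -lt 2 ] || [ "$major.$minor" = 2.0 ]; then
        echo not-affected          # 2.0 or earlier series
        return 0
    fi
    case $major.$minor in
        2.1|2.3) echo upgrade ;;
        2.2)
            if [ "$patch" -gt 16 ] || { [ "$patch" -eq 16 ] && [ "$pre" -eq 0 ]; }; then
                echo fixed             # 2.2.16 or better
            elif [ "$patch" -eq 15 ] && [ "$pre" -eq 0 ]; then
                echo check-package     # patched only in the Debian builds named above
            else
                echo upgrade
            fi ;;
        *) echo not-covered ;;         # series the advisory says nothing about
    esac
}

classify_kernel "$(uname -r)"
```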