
AMD64 port compromised ?


Emmanuel Fleury

Jul 13, 2006, 3:00:17 AM
Hi,

Is the AMD64 branch of Debian compromised as well by the problem on
gluck.debian.org ?

See:
http://lists.debian.org/debian-devel-announce/2006/07/msg00003.html

Regards
--
Emmanuel Fleury | Office: 211
Associate Professor, | Phone: +33 (0)5 40 00 35 24
LaBRI, Domaine Universitaire | Fax: +33 (0)5 40 00 66 69
351, Cours de la Libération | email: fle...@labri.fr
33405 Talence Cedex, France | URL: http://www.labri.fr/~fleury



Lionel Elie Mamane

Jul 13, 2006, 4:00:18 AM
On Thu, Jul 13, 2006 at 08:36:58AM +0200, Emmanuel Fleury wrote:

> Is the AMD64 branch of Debian compromised as well by the problem on
> gluck.debian.org ?

For testing and unstable, no more and no less than any other
architecture. The semi-official sarge is hosted out of the Debian
mirror system, so probably no link. (Security updates are in the
normal Debian infrastructure, though.)

I'm not sure what exactly you are afraid of. I don't think that gluck
plays a privileged role in the package preparation / distribution (it
is not ftp-master).

--
Lionel

Goswin von Brederlow

Jul 13, 2006, 8:10:06 AM
Emmanuel Fleury <fle...@labri.fr> writes:

> Hi,
>
> Is the AMD64 branch of Debian compromised as well by the problem on
> gluck.debian.org ?
>
> See:
> http://lists.debian.org/debian-devel-announce/2006/07/msg00003.html
>
> Regards

The security team is still investigating the system and will report
their findings.

Last time there was some doubt about the archive being clean or not
and every package was verified against its signature in the changes
file. I believe the same will happen again if there is any doubt.

MfG
Goswin

PS: No compromised packages were found last time though.

Matthew Robinson

Jul 13, 2006, 10:10:16 AM
Lionel Elie Mamane wrote:
> On Thu, Jul 13, 2006 at 08:36:58AM +0200, Emmanuel Fleury wrote:
>
>> Is the AMD64 branch of Debian compromised as well by the problem on
>> gluck.debian.org ?
>
> For testing and unstable, no more and no less than any other
> architecture. The semi-official sarge is hosted out of the Debian
> mirror system, so probably no link. (Security updates are in the
> normal Debian infrastructure, though.)
>
> I'm not sure what exactly you are afraid of. I don't think that gluck
> plays a privileged role in the package preparation / distribution (it
> is not ftp-master).

Does anybody have any more information on the exploit? I'd like to know if I am running any of the software, etc.

Emmanuel Fleury

Jul 13, 2006, 11:00:27 AM
Matthew Robinson wrote:
>
> Does anybody have any more information on the exploit? I'd like to know
> if I am running any of the software, etc.

The security team is currently examining the server. I guess that there
will be a public report on what they will find about it (just as last
time it happened).

Regards
--
Emmanuel Fleury | Office: 211
Associate Professor, | Phone: +33 (0)5 40 00 35 24
LaBRI, Domaine Universitaire | Fax: +33 (0)5 40 00 66 69
351, Cours de la Libération | email: emmanue...@labri.fr
33405 Talence Cedex, France | URL: http://www.labri.fr/~fleury

Goswin von Brederlow

Jul 14, 2006, 5:00:12 AM
Matthew Robinson <ma...@fone-me.com> writes:

> Does anybody have any more information on the exploit? I'd like to know if I
> am running any of the software, etc.

The exploit supposedly was a local privilege escalation exploit using
the new core dump feature from 2.6.13+. It has been fixed (among
others) in 2.6.17.4. Check the changelog for the official CAN number
of the exploit.

Stable kernels (2.6.8) aren't affected but testing/sid are.

MfG
Goswin
