[FoLUG] Dirty COW --> Kde Neon

Michele Mordenti michele.mordenti@gmail.com
Mon 14 Nov 2016 07:29:41 CET


WARNING!

KDE Project Security Advisory
=============================

Title:          KDE neon: insecure package archive
Risk Rating:    Important
Platforms:      All
Versions:       KDE neon packages installed before 16:00UTC 10 November 2016
Author:         Jonathan Riddell <jr@jriddell.org>
Date:           14 November 2016

Overview
========

The package archive used by KDE neon was incorrectly configured
allowing anyone to upload packages to it.  There is no reason to think
that anyone actually did so but as a precaution we have emptied the archives
and removed ISOs built before this date.  The archive is being rebuilt
and ISOs regenerated.

Impact
======

Anyone discovering the insecure archive server could have uploaded
packages to it which would be installed and run on computers running
KDE neon.  We do not believe this has happened but would welcome
reports of any problems.

This does not impact KDE software distributed by any other means, i.e.
other distributions or the source tarballs.

Workaround
==========

None

Solution
========

Upgrade to the latest packages once rebuilt.

All packages have larger version numbers than were previously in the
archive.

For extra security reinstall KDE neon from a freshly built ISO.

On 23 Oct 2016 1:17 PM, "Giovanni [aka CyberPenguin]" <
cyberpenguin@inventati.org> wrote:

> On 09/10/2016 11:58, Giovanni [aka CyberPenguin] wrote:
> <cut>
>
>> I'm waiting to find defects.
>> I won't fail to post.
>>
>
> http://tinyurl.com/hfx3tgb
>
> In Neon (structurally a *buntu 16.04 LTS) the patch for
> Dirty COW has already been in the repos for a few days, but it does not
> install because of the dependency problems posted previously.
>
> Dependencies are not satisfied for linux-headers-generic [ amd64 ] <
> 4.4.0.38.40 -> 4.4.0.45.48 > ( devel )
> Keeping package linux-headers-generic:amd64
> Dependencies are not satisfied for linux-image-generic [ amd64 ] <
> 4.4.0.38.40 -> 4.4.0.45.48 > ( kernel )
> Keeping package linux-image-generic:amd64
> Dependencies are not satisfied for linux-generic [ amd64 ] < 4.4.0.38.40
> -> 4.4.0.45.48 > ( kernel )
> Keeping package linux-generic:amd64
>
> @salut and bye
> Giovanni
> --
> GNU/Linux Registered user #328540
> _______________________________________________
> FoLUG mailing list
> FoLUG@lists.linux.it
> https://lists.linux.it/listinfo/folug to unsubscribe from the list

