Sebastian Kramer discovered two vulnerabilities in udev, the /dev and hotplug management daemon. CVE-2009-1185 udev does not check the origin of NETLINK messages, allowing local users to gain root privileges. CVE-2009-1186 udev suffers from a buffer overflow condition in path encoding, potentially allowing arbitrary code execution. For the old stable distribution (etch), these problems have been fixed in version 0.105-4etch1. For the stable distribution (lenny), these problems have been fixed in version 0.125-7+lenny1. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your udev package.
Sebastian Kramer discovered two vulnerabilities in udev, the /dev and hotplug management daemon.
CVE-2009-1185: udev does not check the origin of NETLINK messages, allowing local users to gain root privileges.
CVE-2009-1186: udev suffers from a buffer overflow condition in path encoding, potentially allowing arbitrary code execution.
For the old stable distribution (etch), these problems have been fixed in version 0.105-4etch4.
For the stable distribution (lenny), these problems have been fixed in version 0.125-7+lenny1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your udev package.
MD5 checksums of the listed files are available in the original advisory.
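The origin check that CVE-2009-1185 describes as missing can be sketched as follows. This is an added example, not udev's code or the patch shipped in the fixed packages: a receiver on a netlink uevent socket accepts a datagram only when the sender address is the kernel (port 0) and the attached credentials show uid 0. The names `uevent_origin_trusted`, `check_sample` and `peer_cred` are hypothetical, and the port 4242 and uid 1000 used with them are constructed sample values.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#ifndef SCM_CREDENTIALS
#define SCM_CREDENTIALS 0x02   /* Linux value; glibc hides it without _GNU_SOURCE */
#endif
/* Same layout as struct ucred, which glibc also guards with _GNU_SOURCE. */
struct peer_cred { pid_t pid; uid_t uid; gid_t gid; };

/* Accept a uevent datagram only if it came from the kernel: netlink sender
 * port 0 plus SCM_CREDENTIALS (needs SO_PASSCRED on the socket) with uid 0. */
int uevent_origin_trusted(struct msghdr *msg)
{
    struct sockaddr_nl *src = msg->msg_name;
    struct cmsghdr *c;
    struct peer_cred cred;
    if (src == NULL || msg->msg_namelen < sizeof(*src) ||
        src->nl_family != AF_NETLINK || src->nl_pid != 0)
        return 0;                      /* sent from a user-space socket */
    for (c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_CREDENTIALS ||
            c->cmsg_len < CMSG_LEN(sizeof(cred)))
            continue;
        memcpy(&cred, CMSG_DATA(c), sizeof(cred));
        return cred.uid == 0;
    }
    return 0;                          /* no credentials attached: drop */
}

/* Constructed input: a msghdr filled in the way recvmsg() would return it. */
int check_sample(unsigned sender_port, unsigned uid, int with_creds)
{
    struct sockaddr_nl src = { .nl_family = AF_NETLINK, .nl_pid = sender_port };
    union { char buf[CMSG_SPACE(sizeof(struct peer_cred))]; struct cmsghdr a; } ctl;
    struct peer_cred cred = { .pid = 0, .uid = uid, .gid = 0 };
    struct msghdr msg = { .msg_name = &src, .msg_namelen = sizeof(src),
                          .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    memset(&ctl, 0, sizeof(ctl));
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_CREDENTIALS;
    c->cmsg_len = CMSG_LEN(sizeof(cred));
    memcpy(CMSG_DATA(c), &cred, sizeof(cred));
    if (!with_creds)
        msg.msg_controllen = 0;        /* as if SO_PASSCRED was never enabled */
    return uevent_origin_trusted(&msg);
}

int main(void) { return !(check_sample(0, 0, 1) && !check_sample(4242, 0, 1)); }
```

A daemon that parses the datagram before running a check of this kind treats any local process able to open a netlink socket as if it were the kernel.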