[SECURITY] [DSA 3426-2] ctdb regression update

2016-03-0316:15:38

lists.debian.org

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

JSON

Debian Security Advisory DSA-3426-2 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
March 03, 2016 https://www.debian.org/security/faq

Package : ctdb
Debian Bug : 813406

The update for linux issued as DSA-3426-1 and DSA-3434-1 to address
CVE-2015-8543 uncovered a bug in ctdb, a clustered database to store
temporary data, leading to broken clusters. Updated packages are now
available to address this problem.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.12+git20120201-5.

For the stable distribution (jessie), this problem has been fixed in
version 2.5.4+debian0-4+deb8u1.

We recommend that you upgrade your ctdb packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7ia64linux-headers-3.2.0-4-mckinley< 3.2.73-2+deb7u2linux-headers-3.2.0-4-mckinley_3.2.73-2+deb7u2_ia64.deb
Debian8arm64linux-libc-dev< 3.16.7-ckt20-1+deb8u1linux-libc-dev_3.16.7-ckt20-1+deb8u1_arm64.deb
Debian8amd64scsi-core-modules-3.16.0-4-amd64-di< 3.16.7-ckt20-1+deb8u1scsi-core-modules-3.16.0-4-amd64-di_3.16.7-ckt20-1+deb8u1_amd64.deb
Debian8amd64ctdb-pcp-pmda< 2.5.4+debian0-4+deb8u1ctdb-pcp-pmda_2.5.4+debian0-4+deb8u1_amd64.deb
Debian7i386isofs-modules-3.2.0-4-686-pae-di< 3.2.73-2+deb7u2isofs-modules-3.2.0-4-686-pae-di_3.2.73-2+deb7u2_i386.deb
Debian8mipsxfs-modules-3.16.0-4-sb1-bcm91250a-di< 3.16.7-ckt20-1+deb8u1xfs-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u1_mips.deb
Debian8mipselbtrfs-modules-3.16.0-4-sb1-bcm91250a-di< 3.16.7-ckt20-1+deb8u1btrfs-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u1_mipsel.deb
Debian7i386ctdb< 1.12+git20120201-5ctdb_1.12+git20120201-5_i386.deb
Debian8mipsrtc-modules-3.16.0-4-sb1-bcm91250a-di< 3.16.7-ckt20-1+deb8u1rtc-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u1_mips.deb
Debian8mipsevent-modules-3.16.0-4-sb1-bcm91250a-di< 3.16.7-ckt20-1+deb8u1event-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u1_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	ia64	linux-headers-3.2.0-4-mckinley	< 3.2.73-2+deb7u2	linux-headers-3.2.0-4-mckinley_3.2.73-2+deb7u2_ia64.deb
Debian	8	arm64	linux-libc-dev	< 3.16.7-ckt20-1+deb8u1	linux-libc-dev_3.16.7-ckt20-1+deb8u1_arm64.deb
Debian	8	amd64	scsi-core-modules-3.16.0-4-amd64-di	< 3.16.7-ckt20-1+deb8u1	scsi-core-modules-3.16.0-4-amd64-di_3.16.7-ckt20-1+deb8u1_amd64.deb
Debian	8	amd64	ctdb-pcp-pmda	< 2.5.4+debian0-4+deb8u1	ctdb-pcp-pmda_2.5.4+debian0-4+deb8u1_amd64.deb
Debian	7	i386	isofs-modules-3.2.0-4-686-pae-di	< 3.2.73-2+deb7u2	isofs-modules-3.2.0-4-686-pae-di_3.2.73-2+deb7u2_i386.deb
Debian	8	mips	xfs-modules-3.16.0-4-sb1-bcm91250a-di	< 3.16.7-ckt20-1+deb8u1	xfs-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u1_mips.deb
Debian	8	mipsel	btrfs-modules-3.16.0-4-sb1-bcm91250a-di	< 3.16.7-ckt20-1+deb8u1	btrfs-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u1_mipsel.deb
Debian	7	i386	ctdb	< 1.12+git20120201-5	ctdb_1.12+git20120201-5_i386.deb
Debian	8	mips	rtc-modules-3.16.0-4-sb1-bcm91250a-di	< 3.16.7-ckt20-1+deb8u1	rtc-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u1_mips.deb
Debian	8	mips	event-modules-3.16.0-4-sb1-bcm91250a-di	< 3.16.7-ckt20-1+deb8u1	event-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u1_mips.deb