Test ID:	1.3.6.1.4.1.25623.1.0.60439
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1505-1)
Summary:	The remote host is missing an update for the Debian 'alsa-driver, alsa-modules-i386' package(s) announced via the DSA-1505-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'alsa-driver, alsa-modules-i386' package(s) announced via the DSA-1505-1 advisory. Vulnerability Insight: Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module. Local users could exploit this issue to obtain sensitive information from the kernel (CVE-2007-4571). For the oldstable distribution (sarge), this problem has been fixed in version 1.0.8-7sarge1. The prebuilt modules provided by alsa-modules-i386 have been rebuilt to take advantage of this update, and are available in version 1.0.8+2sarge2. For the stable distribution (etch), this problem has been fixed in version 1.0.13-5etch1. This issue was already fixed for the version of ALSA provided by linux-2.6 in DSA 1479. For the unstable distributions (sid), this problem was fixed in version 1.0.15-1. We recommend that you upgrade your alsa-driver and alsa-modules-i386 packages. Affected Software/OS: 'alsa-driver, alsa-modules-i386' package(s) on Debian 3.1, Debian 4. Solution: Please install the updated package(s). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4571 1018734 http://www.securitytracker.com/id?1018734 20070925 Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600 25807 http://www.securityfocus.com/bid/25807 26918 http://secunia.com/advisories/26918 26980 http://secunia.com/advisories/26980 26989 http://secunia.com/advisories/26989 27101 http://secunia.com/advisories/27101 27227 http://secunia.com/advisories/27227 27436 http://secunia.com/advisories/27436 27747 http://secunia.com/advisories/27747 27824 http://secunia.com/advisories/27824 28626 http://secunia.com/advisories/28626 29054 http://secunia.com/advisories/29054 30769 http://secunia.com/advisories/30769 ADV-2007-3272 http://www.vupen.com/english/advisories/2007/3272 DSA-1479 http://www.debian.org/security/2008/dsa-1479 DSA-1505 http://www.debian.org/security/2008/dsa-1505 FEDORA-2007-2349 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html FEDORA-2007-714 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html RHSA-2007:0939 http://www.redhat.com/support/errata/RHSA-2007-0939.html RHSA-2007:0993 http://www.redhat.com/support/errata/RHSA-2007-0993.html SUSE-SA:2007:053 http://www.novell.com/linux/security/advisories/2007_53_kernel.html USN-618-1 http://www.ubuntu.com/usn/usn-618-1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8 http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm https://issues.rpath.com/browse/RPL-1761 linux-sndpagealloc-information-disclosure(36780) https://exchange.xforce.ibmcloud.com/vulnerabilities/36780 oval:org.mitre.oval:def:9053 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.