| Description: | Summary:
The remote host is missing an update for the Debian 'linux-2.6' package(s) announced via the DSA-1565-1 advisory.
Vulnerability Insight:
Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-6694
Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS).
CVE-2008-0007
Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code.
CVE-2008-1294
David Peer discovered that users could escape administrator imposed cpu time limitations (RLIMIT_CPU) by setting a limit of 0.
CVE-2008-1375
Alexander Viro discovered a race condition in the directory notification subsystem that allows local users to cause a Denial of Service (oops) and possibly result in an escalation of privileges.
For the stable distribution (etch), these problems have been fixed in version 2.6.18.dfsg.1-18etch3.
The unstable (sid) and testing distributions will be fixed soon.
We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages.
Affected Software/OS:
'linux-2.6' package(s) on Debian 4.
Solution:
Please install the updated package(s).
CVSS Score:
7.8
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
