| Description: | Summary:
The remote host is missing an update for the Debian 'linux-2.6.24' package(s) announced via the DSA-1655-1 advisory.
Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a leak of sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-1514
Jan Kratochvil reported a local denial of service vulnerability in the ptrace interface for the s390 architecture. Local users can trigger an invalid pointer dereference, leading to a system panic.
CVE-2008-3525
Eugene Teo reported a lack of capability checks in the kernel driver for Granch SBNI12 leased line adapters (sbni), allowing local users to perform privileged operations.
CVE-2008-3831
Olaf Kirch discovered an issue with the i915 driver that may allow local users to cause memory corruption by use of an ioctl with insufficient privilege restrictions.
CVE-2008-4113/CVE-2008-4445 Eugene Teo discovered two issues in the SCTP subsystem which allow local users to obtain access to sensitive memory when the SCTP-AUTH extension is enabled.
For the stable distribution (etch), these problems have been fixed in version 2.6.24-6~
etchnhalf.6.
We recommend that you upgrade your linux-2.6.24 packages.
Affected Software/OS:
'linux-2.6.24' package(s) on Debian 4.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
