| Description: | Summary:
The remote host is missing an update for the 'kernel' package(s) announced via the SSA:2016-305-01 advisory.
Vulnerability Insight:
New kernel packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.29/*: Upgraded.
This kernel fixes a security issue known as 'Dirty COW'. A race condition
was found in the way the Linux kernel's memory subsystem handled the
copy-on-write (COW) breakage of private read-only memory mappings. An
unprivileged local user could use this flaw to gain write access to
otherwise read-only memory mappings and thus increase their privileges on
the system.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+
Affected Software/OS:
'kernel' package(s) on Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
