Mandrake Security Advisory MDVSA-2009:009 (kvm) Network Vulnerability

Summary

The remote host is missing an update to kvm announced via advisory MDVSA-2009:009.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:009

Insight

Security vulnerabilities have been discovered and corrected in VNC server of kvm version 79 and earlier, which could lead to denial-of-service attacks (CVE-2008-2382), and make it easier for remote crackers to guess the VNC password (CVE-2008-5714). The updated packages have been patched to prevent this. Affected: 2009.0

Severity

Classification

CVE CVE-2008-2382, CVE-2008-5714
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:143 (netpbm)
Mandrake Security Advisory MDVSA-2009:003 (python)
Mandrake Security Advisory MDVSA-2009:036 (python)
Mandrake Security Advisory MDVSA-2009:115 (phpMyAdmin)
Mandrake Security Advisory MDVSA-2009:024 (php4)

Take action and discover your vulnerabilities