Gentoo Security Advisory GLSA 200401-01 (Kernel) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200401-01.

Solution

Users are encouraged to upgrade to the latest available sources for their system: $> emerge sync $> emerge -pv your-favourite-sources $> emerge your-favourite-sources $> # Follow usual procedure for compiling and installing a kernel. $> # If you use genkernel, run genkernel as you would do normally. $> # IF YOUR KERNEL IS MARKED as 'remerge required!' THEN $> # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE $> # REPORTS THAT THE SAME VERSION IS INSTALLED. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200401-01 http://bugs.gentoo.org/show_bug.cgi?id=37292 http://isec.pl/vulnerabilities/isec-0012-mremap.txt

Insight

A critical security vulnerability has been found in recent Linux kernels which allows for local privelege escalation.

Severity

Classification

CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200312-05 (GnuPG)
Gentoo Security Advisory GLSA 200409-16 (Samba)
Gentoo Security Advisory GLSA 200412-23 (zwiki)
Gentoo Security Advisory GLSA 200501-16 (Konqueror, kde, kdelibs)
Gentoo Security Advisory GLSA 200404-04 (sysstat)

Take action and discover your vulnerabilities