Slackware Advisory SSA:2009-111-01 Udev Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2009-111-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-111-01

Insight

New udev packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. The udev packages in Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current contained a local root hole vulnerability: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 The udev packages in Slackware 12.0, 12.1, 12.2, and -current had an integer overflow which could result in a denial of service: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186 Note that udev is only used with 2.6 kernels, which are not used by default with Slackware 10.2 and 11.0.

Severity

Classification

CVE CVE-2009-1185, CVE-2009-1186
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Slackware Advisory SSA:2004-238-01 kdelibs
Slackware Advisory SSA:2005-192-01 PHP
Slackware Advisory SSA:2005-121-02 xine-lib
Slackware Advisory SSA:2005-121-01 infozip
Slackware Advisory SSA:2004-140-01 cvs

Slackware Advisory SSA:2009-111-01 udev

Take action and discover your vulnerabilities