Gentoo Security Advisory GLSA 200401-01 (Kernel) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200401-01.

Solution

Users are encouraged to upgrade to the latest available sources for their system: $> emerge sync $> emerge -pv your-favourite-sources $> emerge your-favourite-sources $> # Follow usual procedure for compiling and installing a kernel. $> # If you use genkernel, run genkernel as you would do normally. $> # IF YOUR KERNEL IS MARKED as 'remerge required!' THEN $> # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE $> # REPORTS THAT THE SAME VERSION IS INSTALLED. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200401-01 http://bugs.gentoo.org/show_bug.cgi?id=37292 http://isec.pl/vulnerabilities/isec-0012-mremap.txt

Insight

A critical security vulnerability has been found in recent Linux kernels which allows for local privelege escalation.

Severity

Classification

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200311-04 (FreeRADIUS)
Gentoo Security Advisory GLSA 200502-12 (Webmin)
Gentoo Security Advisory GLSA 200406-11 (horde-imp)
Gentoo Security Advisory GLSA 200408-06 (SpamAssassin)
Gentoo Security Advisory GLSA 200407-03 (Apache)

Take action and discover your vulnerabilities