Mandrake Security Advisory MDVSA-2009:009 (kvm) Network Vulnerability

Summary

The remote host is missing an update to kvm announced via advisory MDVSA-2009:009.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:009

Insight

Security vulnerabilities have been discovered and corrected in VNC server of kvm version 79 and earlier, which could lead to denial-of-service attacks (CVE-2008-2382), and make it easier for remote crackers to guess the VNC password (CVE-2008-5714). The updated packages have been patched to prevent this. Affected: 2009.0

Severity

Classification

CVE CVE-2008-2382, CVE-2008-5714

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
Mandrake Security Advisory MDVSA-2009:067 (libsndfile)
Mandrake Security Advisory MDVSA-2009:140 (gaim)
Mandrake Security Advisory MDVSA-2009:096-1 (printer-drivers)
Mandrake Security Advisory MDVSA-2009:014 (mplayer)

Take action and discover your vulnerabilities