Mandriva Update For Kernel MDVSA-2008:043 (kernel) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A flaw in the vmsplice system call did not properly verify address arguments passed by user-space processes, which allowed local attackers to overwrite arbitrary kernel memory and gain root privileges. Mandriva urges all users to upgrade to these new kernels immediately as this flaw is being actively exploited. This issue only affects 2.6.17 and newer Linux kernels, so neither Corporate 3.0 nor Corporate 4.0 are affected. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate

Affected

kernel on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

Severity

Classification

CVE CVE-2008-0600

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:057 (valgrind)
Mandrake Security Advisory MDVSA-2009:150 (libtiff)
Mandrake Security Advisory MDVSA-2009:049 (pycrypto)
Mandrake Security Advisory MDVSA-2009:121 (lcms)
Mandrake Security Advisory MDVSA-2009:147 (pidgin)

Mandriva Update for kernel MDVSA-2008:043 (kernel)

Take action and discover your vulnerabilities