linux-kernel-2.4.18-powerpc+alpha -- missing boundary check

ID DSA-417
Type debian
Reporter Debian
Modified 2004-01-07T00:00:00


Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug.

Andrew Morton discovered a missing boundary check for the brk system call which can be used to craft a local root exploit.

For the stable distribution (woody) these problems have been fixed in version 2.4.18-12 for the alpha architecture and in version 2.4.18-1woody3 for the powerpc architecture.

For the unstable distribution (sid) these problems will be fixed soon with newly uploaded packages.

We recommend that you upgrade your kernel packages. These problems have been fixed in the upstream version 2.4.24 as well.