Debian Security Advisory DSA 276-1 (kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390)

The remote host is missing an update to kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390 announced via advisory DSA 276-1.

The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace. This hole allows local users to obtain root privileges by using ptrace to attach to a child process that is spawned by the kernel. Remote exploitation of this hole is not possible. This advisory only covers kernel packages for the S/390 architecture. Other architectures will be covered by separate advisories. For the stable distribution (woody) this problem has been fixed in the following versions: kernel-patch-2.4.17-s390: version 0.0.20020816-0.woody.1.1 kernel-image-2.4.17-s390: version 2.4.17-2.woody.2.2 The old stable distribution (potato) is not affected by this problem for this architecture since s390 was first released with Debian GNU/Linux 3.0 (woody). For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your kernel-images packages immediately.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20276-1