Debian Security Advisory DSA 470-1 (kernel-image-2.4.17-hppa)

The remote host is missing an update to kernel-image-2.4.17-hppa announced via advisory DSA 470-1.

Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the mips kernel 2.4.19 for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update: CVE-2003-0961: An integer overflow in brk() system call (do_brk() function) for Linux allows a local attacker to gain root privileges. Fixed upstream in Linux 2.4.23. CVE-2003-0985: Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug. Fixed upstream in Linux 2.4.24. CVE-2004-0077: Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3. For the stable distribution (woody) these problems have been fixed in version 32.3 of kernel-image-2.4.17-hppa. For the unstable distribution (sid) these problems have been fixed in version 2.4.25-1 of kernel-image-2.4.25-hppa. We recommend that you upgrade your Linux kernel packages immediately.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20470-1