Debian Security Advisory DSA 438-1 (kernel)

Information

Severity

High

Family

Debian Local Security Checks

CVSSv2 Base

7.2

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Vendor Patch

Created

16 years ago

Modified

6 years ago

Summary

The remote host is missing an update to kernel-source-2.4.18, kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-image-2.4.18-i386bf, kernel-patch-2.4.18-powerpc announced via advisory DSA 438-1.

Insight

Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to a missing check of the return value of internal functions, a local attacker can gain root privileges.

For the stable distribution (woody) this problem has been fixed in version 2.4.18-14.2 of kernel-source, version 2.4.18-14 of alpha images, version 2.4.18-12.2 of i386 images, version 2.4.18-5woody7 of i386bf images and version 2.4.18-1woody4 of powerpc images. Other architectures will probably be mentioned in a separate advisory or are not affected (m68k).

For the unstable distribution (sid) this problem is fixed in version 2.4.24-3 for source, i386 and alpha images and version 2.4.22-10 for powerpc images. This problem is also fixed in the upstream versions of Linux 2.4.25 and 2.6.3.

We recommend that you upgrade your Linux kernel packages immediately.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20438-1

Common Vulnerabilities and Exposures (CVE)