Debian DSA-1505 Critical: Alsa-Driver Kernel Memory Leak Exploit
debian
February 22, 2008
Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module.
Local users could exploit this issue to obtain sensitive information from
the kernel (CVE-2007-4571).
Topics Covered
Summary
For the oldstable distribution (sarge), this problem has been fixed in
version 1.0.8-7sarge1. The prebuilt modules provided by alsa-modules-i386
have been rebuilt to take advantage of this update, and are available in
version 1.0.8+2sarge2.
For the unstable distributions (sid), this problem was fixed in version
1.0.15-1.
We recommend that you upgrade your alsa-driver and alsa-modules-i386
packages.
Upgrade instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
The prebuilt modules update coincides with an ABI change in the 2.4.27
kernel in oldstable (see DSA 1503). If you are using the prebuilt modules
provided by one of the alsa-modules-i386 packages, you will need to update
your kernel to t...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!