Two errors in udev allow for a local root compromise and a Denial of Service.
|Package||sys-fs/udev on all architectures|
|Affected versions||< 124-r2|
|Unaffected versions||>= 124-r2|
udev is the device manager used in the Linux 2.6 kernel series.
Sebastian Krahmer of SUSE discovered the following two vulnerabilities:
A local attacker could gain root privileges by sending specially crafted NETLINK messages to udev or cause a Denial of Service.
There is no known workaround at this time.
All udev users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/udev-124-r2"
April 18, 2009
April 18, 2009: 01