Two errors in udev allow for a local root compromise and a Denial of Service.
Package | sys-fs/udev on all architectures |
---|---|
Affected versions | < 124-r2 |
Unaffected versions | >= 124-r2 |
udev is the device manager used in the Linux 2.6 kernel series.
Sebastian Krahmer of SUSE discovered the following two vulnerabilities:
A local attacker could gain root privileges by sending specially crafted NETLINK messages to udev or cause a Denial of Service.
There is no known workaround at this time.
All udev users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/udev-124-r2"
Release date
April 18, 2009
Latest revision
April 18, 2009: 01
Severity
high
Exploitable
local
Bugzilla entries