| Summary: | The remote host is missing updates to the kernel announced in;advisory RHSA-2009:0009.;;These updated packages address the following security issues:;; * Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and;64-bit emulation. This could allow a local, unprivileged user to prepare;and run a specially-crafted binary which would use this deficiency to leak;uninitialized and potentially sensitive data. (CVE-2008-0598, Important);; * Olaf Kirch reported a flaw in the i915 kernel driver that only affects;the Intel G33 series and newer. This flaw could, potentially, lead to local;privilege escalation. (CVE-2008-3831, Important);; * Miklos Szeredi reported a missing check for files opened with O_APPEND in;sys_splice(). This could allow a local, unprivileged user to bypass the;append-only file restrictions. (CVE-2008-4554, Important);; * a deficiency was found in the Linux kernel Stream Control Transmission;Protocol (SCTP) implementation. This could lead to a possible denial of;service if one end of a SCTP connection did not support the AUTH extension.;(CVE-2008-4576, Important);; * Wei Yongjun reported a flaw in the Linux kernel SCTP implementation. In;certain code paths, sctp_sf_violation_paramlen() could be called with a;wrong parameter data type. This could lead to a possible denial of service.;(CVE-2008-4618, Important);; * when fput() was called to close a socket, the __scm_destroy() function in;the Linux kernel could make indirect recursive calls to itself. This could,;potentially, lead to a denial of service issue. (CVE-2008-5029, Important);; * the ext2 and ext3 filesystem code failed to properly handle corrupted;data structures, leading to a possible local denial of service issue when;read or write operations were performed. (CVE-2008-3528, Low);;All Red Hat Enterprise MRG users should install this update which addresses;these vulnerabilities and fixes these bugs. |
| Description: | Summary:
The remote host is missing updates to the kernel announced in
advisory RHSA-2009:0009.
These updated packages address the following security issues:
* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and
64-bit emulation. This could allow a local, unprivileged user to prepare
and run a specially-crafted binary which would use this deficiency to leak
uninitialized and potentially sensitive data. (CVE-2008-0598, Important)
* Olaf Kirch reported a flaw in the i915 kernel driver that only affects
the Intel G33 series and newer. This flaw could, potentially, lead to local
privilege escalation. (CVE-2008-3831, Important)
* Miklos Szeredi reported a missing check for files opened with O_APPEND in
sys_splice(). This could allow a local, unprivileged user to bypass the
append-only file restrictions. (CVE-2008-4554, Important)
* a deficiency was found in the Linux kernel Stream Control Transmission
Protocol (SCTP) implementation. This could lead to a possible denial of
service if one end of a SCTP connection did not support the AUTH extension.
(CVE-2008-4576, Important)
* Wei Yongjun reported a flaw in the Linux kernel SCTP implementation. In
certain code paths, sctp_sf_violation_paramlen() could be called with a
wrong parameter data type. This could lead to a possible denial of service.
(CVE-2008-4618, Important)
* when fput() was called to close a socket, the __scm_destroy() function in
the Linux kernel could make indirect recursive calls to itself. This could,
potentially, lead to a denial of service issue. (CVE-2008-5029, Important)
* the ext2 and ext3 filesystem code failed to properly handle corrupted
data structures, leading to a possible local denial of service issue when
read or write operations were performed. (CVE-2008-3528, Low)
All Red Hat Enterprise MRG users should install this update which addresses
these vulnerabilities and fixes these bugs.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
CVSS Score:
7.8
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
