| Description: | Description:
The remote host is missing updates announced in
advisory RHSA-2010:0076.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
* an array index error was found in the gdth driver in the Linux kernel. A
local user could send a specially-crafted IOCTL request that would cause a
denial of service or, possibly, privilege escalation. (CVE-2009-3080,
Important)
* a flaw was found in the collect_rx_frame() function in the HiSax ISDN
driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to
send a specially-crafted HDLC packet that could trigger a buffer out of
bounds, possibly resulting in a denial of service. (CVE-2009-4005,
Important)
* permission issues were found in the megaraid_sas driver (for SAS based
RAID controllers) in the Linux kernel. The dbg_lvl and poll_mode_io
files on the sysfs file system (/sys/) had world-writable permissions.
This could allow local, unprivileged users to change the behavior of the
driver. (CVE-2009-3889, CVE-2009-3939, Moderate)
* a buffer overflow flaw was found in the hfs_bnode_read() function in the
HFS file system implementation in the Linux kernel. This could lead to a
denial of service if a user browsed a specially-crafted HFS file system,
for example, by running ls. (CVE-2009-4020, Low)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2010-0076.html
http://www.redhat.com/security/updates/classification/#important
Risk factor : High
CVSS Score:
7.8
|
