Description:
The remote host is missing updates announced in advisory RHSA-2006:0710.
The Linux kernel handles the basic functions of the operating system.
These new kernel packages contain fixes for the security issues described below:
* a flaw in the IPC shared-memory implementation that allowed a local user to cause a denial of service (deadlock) that resulted in freezing the system (CVE-2006-4342, Important)
* an information leak in the copy_from_user() implementation on s390 and s390x platforms that allowed a local user to read arbitrary kernel memory (CVE-2006-5174, Important)
* a flaw in the ATM subsystem affecting systems with installed ATM hardware and configured ATM support that allowed a remote user to cause a denial of service (panic) by accessing socket buffer memory after it has been freed (CVE-2006-4997, Moderate)
* a directory traversal vulnerability in smbfs that allowed a local user to escape chroot restrictions for an SMB-mounted filesystem via ..\\ sequences (CVE-2006-1864, Moderate)
* a flaw in the mprotect system call that allowed enabling write permission for a read-only attachment of shared memory (CVE-2006-2071, Moderate)
* a flaw in the DVD handling of the CDROM driver that could be used together with a custom built USB device to gain root privileges (CVE-2006-2935, Moderate)
In addition to the security issues described above, a bug fix for a clock skew problem (which could lead to unintended keyboard repeat under X11) was also included. The problem only occurred when running the 32-bit x86 kernel on 64-bit dual-core x86_64 hardware.
Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed.
All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum.
Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2006-0710.html
http://www.redhat.com/security/updates/classification/#important
Risk factor: High
CVSS Score: 7.1