| Descripción: | Description:
The remote host is missing updates announced in
advisory RHSA-2008:0972.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* a flaw was found in the Linux kernel's Direct-IO implementation. This
could have allowed a local unprivileged user to cause a denial of service.
(CVE-2007-6716, Important)
* when running ptrace in 31-bit mode on an IBM S/390 or IBM System z
kernel, a local unprivileged user could cause a denial of service by
reading from or writing into a padding area in the user_regs_struct32
structure. (CVE-2008-1514, Important)
* the do_truncate() and generic_file_splice_write() functions did not clear
the setuid and setgid bits. This could have allowed a local unprivileged
user to obtain access to privileged information. (CVE-2008-4210, Important)
* Tobias Klein reported a missing check in the Linux kernel's Open Sound
System (OSS) implementation. This deficiency could have led to an
information leak. (CVE-2008-3272, Moderate)
* a potential denial of service attack was discovered in the Linux kernel's
PWC USB video driver. A local unprivileged user could have used this flaw
to bring the kernel USB subsystem into the busy-waiting state.
(CVE-2007-5093, Low)
* the ext2 and ext3 file systems code failed to properly handle corrupted
data structures, leading to a possible local denial of service issue when
read or write operations were performed. (CVE-2008-3528, Low)
For additional bug fix information, please visit the referenced
security advisories.
All Red Hat Enterprise Linux 4 Users should upgrade to these updated
packages, which contain backported patches to correct these issues.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2008-0972.html
http://www.redhat.com/security/updates/classification/#important
Risk factor : High
CVSS Score:
6.6
|
