| Resumen: | The remote host is missing updates announced in;advisory RHSA-2009:0264.;;The kernel packages contain the Linux kernel, the core of any Linux;operating system.;;This update addresses the following security issues:;; * a memory leak in keyctl handling. A local user could use this flaw to;deplete kernel memory, eventually leading to a denial of service.;(CVE-2009-0031, Important);; * a buffer overflow in the Linux kernel Partial Reliable Stream Control;Transmission Protocol (PR-SCTP) implementation. This could, potentially,;lead to a denial of service if a Forward-TSN chunk is received with a large;stream ID. (CVE-2009-0065, Important);; * a flaw when handling heavy network traffic on an SMP system with many;cores. An attacker who could send a large amount of network traffic could;create a denial of service. (CVE-2008-5713, Important);; * the code for the HFS and HFS Plus (HFS+) file systems failed to properly;handle corrupted data structures. This could, potentially, lead to a local;denial of service. (CVE-2008-4933, CVE-2008-5025, Low);; * a flaw was found in the HFS Plus (HFS+) file system implementation. This;could, potentially, lead to a local denial of service when write operations;are performed. (CVE-2008-4934, Low);;Users should upgrade to these updated packages, which contain backported;patches to correct these issues. Note: for this update to take effect, the;system must be rebooted. |
| Descripción: | Summary:
The remote host is missing updates announced in
advisory RHSA-2009:0264.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update addresses the following security issues:
* a memory leak in keyctl handling. A local user could use this flaw to
deplete kernel memory, eventually leading to a denial of service.
(CVE-2009-0031, Important)
* a buffer overflow in the Linux kernel Partial Reliable Stream Control
Transmission Protocol (PR-SCTP) implementation. This could, potentially,
lead to a denial of service if a Forward-TSN chunk is received with a large
stream ID. (CVE-2009-0065, Important)
* a flaw when handling heavy network traffic on an SMP system with many
cores. An attacker who could send a large amount of network traffic could
create a denial of service. (CVE-2008-5713, Important)
* the code for the HFS and HFS Plus (HFS+) file systems failed to properly
handle corrupted data structures. This could, potentially, lead to a local
denial of service. (CVE-2008-4933, CVE-2008-5025, Low)
* a flaw was found in the HFS Plus (HFS+) file system implementation. This
could, potentially, lead to a local denial of service when write operations
are performed. (CVE-2008-4934, Low)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. Note: for this update to take effect, the
system must be rebooted.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
