| Resumen: | The remote host is missing updates to kernel-rt announced in;advisory RHSA-2009:1081.;;These updated packages fix the following security issues:;; * a buffer overflow flaw was found in the CIFSTCon() function of the Linux;kernel Common Internet File System (CIFS) implementation. When mounting a;CIFS share, a malicious server could send an overly-long string to the;client, possibly leading to a denial of service or privilege escalation on;the client mounting the CIFS share. (CVE-2009-1439, Important);; * the Linux kernel Network File System daemon (nfsd) implementation did not;drop the CAP_MKNOD capability when handling requests from local,;unprivileged users. This flaw could possibly lead to an information leak or;privilege escalation. (CVE-2009-1072, Moderate);; * a deficiency was found in the Linux kernel signals implementation. The;kill_something_info() function did not check if a process was outside the;caller's namespace before sending the kill signal, making it possible to;kill processes in all process ID (PID) namespaces, breaking PID namespace;isolation. (CVE-2009-1338, Moderate);; * a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and;agp_generic_alloc_pages() functions did not zero out the memory pages they;allocate, which may later be available to user-space processes. This flaw;could possibly lead to an information leak. (CVE-2009-1192, Low);;All Red Hat Enterprise MRG users should upgrade to these updated packages,;which contain backported patches to resolve these issues. Note: The system;must be rebooted for this update to take effect. |
| Descripción: | Summary:
The remote host is missing updates to kernel-rt announced in
advisory RHSA-2009:1081.
These updated packages fix the following security issues:
* a buffer overflow flaw was found in the CIFSTCon() function of the Linux
kernel Common Internet File System (CIFS) implementation. When mounting a
CIFS share, a malicious server could send an overly-long string to the
client, possibly leading to a denial of service or privilege escalation on
the client mounting the CIFS share. (CVE-2009-1439, Important)
* the Linux kernel Network File System daemon (nfsd) implementation did not
drop the CAP_MKNOD capability when handling requests from local,
unprivileged users. This flaw could possibly lead to an information leak or
privilege escalation. (CVE-2009-1072, Moderate)
* a deficiency was found in the Linux kernel signals implementation. The
kill_something_info() function did not check if a process was outside the
caller's namespace before sending the kill signal, making it possible to
kill processes in all process ID (PID) namespaces, breaking PID namespace
isolation. (CVE-2009-1338, Moderate)
* a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and
agp_generic_alloc_pages() functions did not zero out the memory pages they
allocate, which may later be available to user-space processes. This flaw
could possibly lead to an information leak. (CVE-2009-1192, Low)
All Red Hat Enterprise MRG users should upgrade to these updated packages,
which contain backported patches to resolve these issues. Note: The system
must be rebooted for this update to take effect.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
CVSS Score:
7.8
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
