| Resumen: | The remote host is missing updates announced in;advisory RHSA-2009:1157.;;The kernel-rt packages contain the Linux kernel, the core of any Linux;operating system.;;Security fixes:;; * a flaw was found in the Intel PRO/1000 network driver in the Linux;kernel. Frames with sizes near the MTU of an interface may be split across;multiple hardware receive descriptors. Receipt of such a frame could leak;through a validation check, leading to a corruption of the length check. A;remote attacker could use this flaw to send a specially-crafted packet that;would cause a denial of service or code execution. (CVE-2009-1385,;Important);; * Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in;the Linux kernel. This driver allowed interfaces using this driver to;receive frames larger than what could be handled. This could lead to a;remote denial of service or code execution. (CVE-2009-1389, Important);; * several flaws were found in the way the Linux kernel CIFS implementation;handles Unicode strings. CIFS clients convert Unicode strings sent by a;server to their local character sets, and then write those strings into;memory. If a malicious server sent a long enough string, it could write;past the end of the target memory region and corrupt other memory areas,;possibly leading to a denial of service or privilege escalation on the;client mounting the CIFS share. (CVE-2009-1633, Important);; * Frank Filz reported the NFSv4 client was missing a file permission check;for the execute bit in some situations. This could allow local,;unprivileged users to run non-executable files on NFSv4 mounted file;systems. (CVE-2009-1630, Moderate);; * a deadlock flaw was found in the Linux kernel splice implementation. This;deadlock could occur during interactions between the;generic_file_splice_write() and splice_from_pipe() functions, possibly;leading to a partial denial of service on the file system partition where;the deadlock occurs. (CVE-2009-1961, Moderate) |
| Descripción: | Summary:
The remote host is missing updates announced in
advisory RHSA-2009:1157.
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.
Security fixes:
* a flaw was found in the Intel PRO/1000 network driver in the Linux
kernel. Frames with sizes near the MTU of an interface may be split across
multiple hardware receive descriptors. Receipt of such a frame could leak
through a validation check, leading to a corruption of the length check. A
remote attacker could use this flaw to send a specially-crafted packet that
would cause a denial of service or code execution. (CVE-2009-1385,
Important)
* Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in
the Linux kernel. This driver allowed interfaces using this driver to
receive frames larger than what could be handled. This could lead to a
remote denial of service or code execution. (CVE-2009-1389, Important)
* several flaws were found in the way the Linux kernel CIFS implementation
handles Unicode strings. CIFS clients convert Unicode strings sent by a
server to their local character sets, and then write those strings into
memory. If a malicious server sent a long enough string, it could write
past the end of the target memory region and corrupt other memory areas,
possibly leading to a denial of service or privilege escalation on the
client mounting the CIFS share. (CVE-2009-1633, Important)
* Frank Filz reported the NFSv4 client was missing a file permission check
for the execute bit in some situations. This could allow local,
unprivileged users to run non-executable files on NFSv4 mounted file
systems. (CVE-2009-1630, Moderate)
* a deadlock flaw was found in the Linux kernel splice implementation. This
deadlock could occur during interactions between the
generic_file_splice_write() and splice_from_pipe() functions, possibly
leading to a partial denial of service on the file system partition where
the deadlock occurs. (CVE-2009-1961, Moderate)
Solution:
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
CVSS Score:
7.8
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
