Summary: | The remote host is missing updates to the Linux kernel announced in advisory RHSA-2009:1438.
This update fixes the following security issues:
* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2009-1895, Important)
* it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)
* Solar Designer reported a missing capability check in the z90crypt driver in the Linux kernel. This missing check could allow a local user with an effective user ID (euid) of 0 to bypass intended capability restrictions. (CVE-2009-1883, Moderate)
* a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate) |
Description: | Summary: The remote host is missing updates to the Linux kernel announced in advisory RHSA-2009:1438.
This update fixes the following security issues:
* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2009-1895, Important)
* it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)
* Solar Designer reported a missing capability check in the z90crypt driver in the Linux kernel. This missing check could allow a local user with an effective user ID (euid) of 0 to bypass intended capability restrictions. (CVE-2009-1883, Moderate)
* a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)
Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
|