ID de Prueba:	1.3.6.1.4.1.25623.1.0.67366
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0398
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0398. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a flaw was found in the Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially-crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in an infinite loop (denial of service). (CVE-2010-1086, Important) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) * a flaw was found in the kernel connector implementation. A local, unprivileged user could trigger this flaw by sending an arbitrary number of notification requests using specially-crafted netlink messages, resulting in a denial of service. (CVE-2010-0410, Moderate) * a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in the Xen hypervisor implementation. An unprivileged guest user could use this flaw to trick the hypervisor into emulating a certain instruction, which could crash the guest (denial of service). (CVE-2010-0730, Moderate) * a divide-by-zero flaw was found in the azx_position_ok() function in the driver for Intel High Definition Audio, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a kernel crash (denial of service). (CVE-2010-1085, Moderate) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0398.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0307 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 38027 http://www.securityfocus.com/bid/38027 38492 http://secunia.com/advisories/38492 38779 http://secunia.com/advisories/38779 38922 http://secunia.com/advisories/38922 39649 http://secunia.com/advisories/39649 43315 http://secunia.com/advisories/43315 ADV-2010-0638 http://www.vupen.com/english/advisories/2010/0638 DSA-1996 http://www.debian.org/security/2010/dsa-1996 FEDORA-2010-1787 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html MDVSA-2010:066 http://www.mandriva.com/security/advisories?name=MDVSA-2010:066 RHSA-2010:0146 https://rhn.redhat.com/errata/RHSA-2010-0146.html RHSA-2010:0398 http://www.redhat.com/support/errata/RHSA-2010-0398.html RHSA-2010:0771 http://www.redhat.com/support/errata/RHSA-2010-0771.html SUSE-SA:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html USN-914-1 http://www.ubuntu.com/usn/USN-914-1 [linux-mm] 20100128 DoS on x86_64 http://marc.info/?l=linux-mm&m=126466407724382&w=2 [oss-security] 20100201 CVE request - kernel: DoS on x86_64 http://www.openwall.com/lists/oss-security/2010/02/01/1 [oss-security] 20100201 Re: CVE request - kernel: DoS on x86_64 http://www.openwall.com/lists/oss-security/2010/02/01/5 [oss-security] 20100203 Re: CVE request - kernel: DoS on x86_64 http://www.openwall.com/lists/oss-security/2010/02/04/1 [oss-security] 20100204 Re: CVE request - kernel: DoS on x86_64 http://www.openwall.com/lists/oss-security/2010/02/04/9 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=221af7f87b97431e3ee21ce4b0e77d5411cf1549 http://marc.info/?t=126466700200002&r=1&w=2 http://support.avaya.com/css/P8/documents/100088287 http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of%2C20100202%2C15754.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8 http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=560547 oval:org.mitre.oval:def:10870 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10870 Common Vulnerability Exposure (CVE) ID: CVE-2010-0410 38058 http://www.securityfocus.com/bid/38058 38557 http://secunia.com/advisories/38557 39033 http://secunia.com/advisories/39033 39742 http://secunia.com/advisories/39742 DSA-2005 http://www.debian.org/security/2010/dsa-2005 FEDORA-2010-1804 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035070.html MDVSA-2010:088 http://www.mandriva.com/security/advisories?name=MDVSA-2010:088 RHSA-2010:0161 http://www.redhat.com/support/errata/RHSA-2010-0161.html SUSE-SA:2010:018 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html SUSE-SA:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html SUSE-SA:2010:023 http://www.novell.com/linux/security/advisories/2010_23_kernel.html [oss-security] 20100203 CVE request: kernel OOM/crash in drivers/connector http://www.openwall.com/lists/oss-security/2010/02/03/1 [oss-security] 20100203 Re: CVE request: kernel OOM/crash in drivers/connector http://www.openwall.com/lists/oss-security/2010/02/03/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f98bfbd78c37c5946cc53089da32a5f741efdeb7 https://bugzilla.redhat.com/show_bug.cgi?id=561682 oval:org.mitre.oval:def:10903 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10903 Common Vulnerability Exposure (CVE) ID: CVE-2010-0730 39979 http://www.securityfocus.com/bid/39979 [oss-security] 20100507 CVE-2010-0730 xen: emulator instruction decoding inconsistency http://www.openwall.com/lists/oss-security/2010/05/07/1 https://bugzilla.redhat.com/show_bug.cgi?id=572971 oval:org.mitre.oval:def:11430 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11430 Common Vulnerability Exposure (CVE) ID: CVE-2010-1085 BugTraq ID: 38348 http://www.securityfocus.com/bid/38348 Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search) http://nctritech.net/bugreport.txt http://lkml.org/lkml/2010/2/5/322 http://www.openwall.com/lists/oss-security/2010/02/22/2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10027 http://www.redhat.com/support/errata/RHSA-2010-0394.html Common Vulnerability Exposure (CVE) ID: CVE-2010-1086 BugTraq ID: 38479 http://www.securityfocus.com/bid/38479 Debian Security Information: DSA-2053 (Google Search) http://www.debian.org/security/2010/dsa-2053 http://www.openwall.com/lists/oss-security/2010/03/01/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10569 http://secunia.com/advisories/39830 SuSE Security Announcement: SUSE-SA:2010:019 (Google Search) SuSE Security Announcement: SUSE-SA:2010:023 (Google Search)
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.