| Descripción: | Description:
The remote host is missing updates announced in
advisory RHSA-2010:0606.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
* a flaw was found in the CIFSSMBWrite() function in the Linux kernel
Common Internet File System (CIFS) implementation. A remote attacker could
send a specially-crafted SMB response packet to a target CIFS client,
resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)
* buffer overflow flaws were found in the Linux kernel's implementation of
the server-side External Data Representation (XDR) for the Network File
System (NFS) version 4. An attacker on the local network could send a
specially-crafted large compound request to the NFSv4 server, which could
possibly result in a kernel panic (denial of service) or, potentially, code
execution. (CVE-2010-2521, Important)
This update also fixes the following bug:
* the rpc_call_async() function in the SUN Remote Procedure Call (RPC)
subsystem in the Linux kernel had a reference counting bug. In certain
situations, some Network Lock Manager (NLM) messages may have triggered
this bug on NFSv2 and NFSv3 servers, leading to a kernel panic (with
kernel BUG at fs/lockd/host.c:[xxx]! logged to /var/log/messages).
(BZ#612962)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2010-0606.html
http://www.redhat.com/security/updates/classification/#important
Risk factor : Critical
CVSS Score:
10.0
|
