ID de Prueba:	1.3.6.1.4.1.25623.1.0.68301
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0779
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0779. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Information leak flaws were found in the Linux kernel Traffic Control Unit implementation. A local attacker could use these flaws to cause the kernel to leak kernel memory to user-space, possibly leading to the disclosure of sensitive information. (CVE-2010-2942, Moderate) * A flaw was found in the tcf_act_police_dump() function in the Linux kernel network traffic policing implementation. A data structure in tcf_act_police_dump() was not initialized properly before being copied to user-space. A local, unprivileged user could use this flaw to cause an information leak. (CVE-2010-3477, Moderate) * A missing upper bound integer check was found in the sys_io_submit() function in the Linux kernel asynchronous I/O implementation. A local, unprivileged user could use this flaw to cause an information leak. (CVE-2010-3067, Low) Red Hat would like to thank Tavis Ormandy for reporting CVE-2010-3067. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0779.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 4.9
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2942 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console http://www.securityfocus.com/archive/1/520102/100/0/threaded 41512 http://secunia.com/advisories/41512 42529 http://www.securityfocus.com/bid/42529 46397 http://secunia.com/advisories/46397 ADV-2010-2430 http://www.vupen.com/english/advisories/2010/2430 ADV-2011-0298 http://www.vupen.com/english/advisories/2011/0298 RHSA-2010:0723 http://www.redhat.com/support/errata/RHSA-2010-0723.html RHSA-2010:0771 http://www.redhat.com/support/errata/RHSA-2010-0771.html RHSA-2010:0779 http://www.redhat.com/support/errata/RHSA-2010-0779.html SUSE-SA:2010:040 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html SUSE-SA:2010:041 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html SUSE-SA:2010:054 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html SUSE-SA:2010:060 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html SUSE-SA:2011:007 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html USN-1000-1 http://www.ubuntu.com/usn/USN-1000-1 [oss-security] 20100818 CVE request - kernel: net sched memleak http://www.openwall.com/lists/oss-security/2010/08/18/1 [oss-security] 20100819 Re: CVE request - kernel: net sched memleak http://www.openwall.com/lists/oss-security/2010/08/19/4 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8 http://patchwork.ozlabs.org/patch/61857/ http://support.avaya.com/css/P8/documents/100113326 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2 http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug.cgi?id=624903 Common Vulnerability Exposure (CVE) ID: CVE-2010-3067 42778 http://secunia.com/advisories/42778 42801 http://secunia.com/advisories/42801 42890 http://secunia.com/advisories/42890 43291 http://secunia.com/advisories/43291 ADV-2011-0012 http://www.vupen.com/english/advisories/2011/0012 ADV-2011-0375 http://www.vupen.com/english/advisories/2011/0375 DSA-2126 http://www.debian.org/security/2010/dsa-2126 MDVSA-2010:257 http://www.mandriva.com/security/advisories?name=MDVSA-2010:257 MDVSA-2011:029 http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 MDVSA-2011:051 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 RHSA-2010:0758 http://www.redhat.com/support/errata/RHSA-2010-0758.html RHSA-2010:0839 http://www.redhat.com/support/errata/RHSA-2010-0839.html RHSA-2011:0007 http://www.redhat.com/support/errata/RHSA-2011-0007.html SUSE-SA:2011:001 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html SUSE-SA:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html SUSE-SA:2011:008 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=75e1c70fc31490ef8a373ea2a4bea2524099b478 http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc4-next-20100915.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=629441 kernel-doiosubmit-dos(61884) https://exchange.xforce.ibmcloud.com/vulnerabilities/61884 Common Vulnerability Exposure (CVE) ID: CVE-2010-3477 Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search) Debian Security Information: DSA-2126 (Google Search) http://www.securitytracker.com/id?1024603
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.