ID de Prueba:	1.3.6.1.4.1.25623.1.0.68549
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0936
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0936. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * A flaw in sctp_packet_config() in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service. (CVE-2010-3432, Important) * A missing integer overflow check in snd_ctl_new() in the Linux kernel's sound subsystem could allow a local, unprivileged user on a 32-bit system to cause a denial of service or escalate their privileges. (CVE-2010-3442, Important) Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-3442. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0936.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3432 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console http://www.securityfocus.com/archive/1/520102/100/0/threaded 42400 http://secunia.com/advisories/42400 42778 http://secunia.com/advisories/42778 42789 http://secunia.com/advisories/42789 43480 http://www.securityfocus.com/bid/43480 46397 http://secunia.com/advisories/46397 ADV-2010-3113 http://www.vupen.com/english/advisories/2010/3113 ADV-2011-0012 http://www.vupen.com/english/advisories/2011/0012 ADV-2011-0024 http://www.vupen.com/english/advisories/2011/0024 ADV-2011-0298 http://www.vupen.com/english/advisories/2011/0298 DSA-2126 http://www.debian.org/security/2010/dsa-2126 RHSA-2010:0842 http://www.redhat.com/support/errata/RHSA-2010-0842.html RHSA-2010:0936 http://www.redhat.com/support/errata/RHSA-2010-0936.html RHSA-2010:0958 http://www.redhat.com/support/errata/RHSA-2010-0958.html RHSA-2011:0004 http://www.redhat.com/support/errata/RHSA-2011-0004.html SUSE-SA:2011:001 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html SUSE-SA:2011:007 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html USN-1000-1 http://www.ubuntu.com/usn/USN-1000-1 [netdev] 20100915 [PATCH] net: SCTP remote/local Denial of Service vulnerability description and fix http://marc.info/?l=linux-netdev&m=128453869227715&w=3 [oss-security] 20100924 CVE Request -- Linux/SCTP DoS in sctp_packet_config() http://marc.info/?l=oss-security&m=128534569803598&w=2 [oss-security] 20100925 Re: CVE Request -- Linux/SCTP DoS in sctp_packet_config() http://marc.info/?l=oss-security&m=128537701808336&w=2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4bdab43323b459900578b200a4b8cf9713ac8fab http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.6 http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug.cgi?id=637675 Common Vulnerability Exposure (CVE) ID: CVE-2010-3442 42745 http://secunia.com/advisories/42745 42801 http://secunia.com/advisories/42801 43291 http://secunia.com/advisories/43291 43787 http://www.securityfocus.com/bid/43787 ADV-2010-3321 http://www.vupen.com/english/advisories/2010/3321 ADV-2011-0375 http://www.vupen.com/english/advisories/2011/0375 FEDORA-2010-18983 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html MDVSA-2010:257 http://www.mandriva.com/security/advisories?name=MDVSA-2010:257 SUSE-SA:2010:060 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html SUSE-SA:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html SUSE-SA:2011:008 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html [oss-security] 20100929 CVE request - kernel: prevent heap corruption in snd_ctl_new() http://www.openwall.com/lists/oss-security/2010/09/29/2 [oss-security] 20100929 Re: CVE request - kernel: prevent heap corruption in snd_ctl_new() http://www.openwall.com/lists/oss-security/2010/09/29/3 http://www.openwall.com/lists/oss-security/2010/09/29/4 http://www.openwall.com/lists/oss-security/2010/09/29/9 http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=5591bf07225523600450edd9e6ad258bb877b779 http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc5-next-20100928.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=638478
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.