Red Hat Local Security Checks : RedHat Security Advisory RHSA-2012:1150

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.71922

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2012:1150

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2012:1150.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A memory leak flaw was found in the way the Linux kernel's memory
subsystem handled resource clean up in the mmap() failure path when the
MAP_HUGETLB flag was set. A local, unprivileged user could use this flaw to
cause a denial of service. (CVE-2012-2390, Moderate)

* A flaw was found in the way the Linux kernel's Event Poll (epoll)
subsystem handled resource clean up when an ELOOP error code was returned.
A local, unprivileged user could use this flaw to cause a denial of
service. (CVE-2012-3375, Moderate)

This update also fixes the following bugs:

* The MRG 2.1 realtime kernel lacked support for automatic memory
reservation for the kdump kernel, as present in Red Hat Enterprise Linux
kernels. Using the parameter crashkernel=auto on the kernel boot command
line led to kdump being disabled because no memory was correctly reserved.
Support for crashkernel=auto has been implemented in the 3.0 realtime
kernel and now when the crashkernel=auto parameter is specified, machines
with more than 4GB of RAM have the amount of memory required by the kdump
kernel calculated and reserved. (BZ#820427)

* The current bnx2x driver in the MRG 2.1 realtime kernel had faulty
support for the network adapter PCI ID 14e4:168e and did not work
correctly. The bnx2x driver was updated to include support for this network
adapter. (BZ#839037)

Users should upgrade to these updated packages, which upgrade the kernel-rt
kernel to version kernel-rt-3.0.36-rt57, and correct these issues. The
system must be rebooted for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2012-1150.html

Risk factor : Medium

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-2390
USN-1515-1
http://www.ubuntu.com/usn/USN-1515-1
USN-1535-1
http://www.ubuntu.com/usn/USN-1535-1
[oss-security] 20120523 Re: CVE Request -- kernel: huge pages: memory leak on mmap failure
http://www.openwall.com/lists/oss-security/2012/05/23/14
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c50ac050811d6485616a193eb0f37bfbd191cc89
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.2
https://bugzilla.redhat.com/show_bug.cgi?id=824345
https://github.com/torvalds/linux/commit/c50ac050811d6485616a193eb0f37bfbd191cc89
Common Vulnerability Exposure (CVE) ID: CVE-2012-3375
1027237
http://www.securitytracker.com/id?1027237
51164
http://secunia.com/advisories/51164
USN-1529-1
http://ubuntu.com/usn/usn-1529-1
[oss-security] 20120704 Re: CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP
http://www.openwall.com/lists/oss-security/2012/07/04/2
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13d518074a952d33d47c428419693f63389547e9
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24
https://bugzilla.redhat.com/show_bug.cgi?id=837502
https://downloads.avaya.com/css/P8/documents/100165733
https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.71922
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2012:1150
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2012:1150. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A memory leak flaw was found in the way the Linux kernel's memory subsystem handled resource clean up in the mmap() failure path when the MAP_HUGETLB flag was set. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2390, Moderate) * A flaw was found in the way the Linux kernel's Event Poll (epoll) subsystem handled resource clean up when an ELOOP error code was returned. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-3375, Moderate) This update also fixes the following bugs: * The MRG 2.1 realtime kernel lacked support for automatic memory reservation for the kdump kernel, as present in Red Hat Enterprise Linux kernels. Using the parameter crashkernel=auto on the kernel boot command line led to kdump being disabled because no memory was correctly reserved. Support for crashkernel=auto has been implemented in the 3.0 realtime kernel and now when the crashkernel=auto parameter is specified, machines with more than 4GB of RAM have the amount of memory required by the kdump kernel calculated and reserved. (BZ#820427) * The current bnx2x driver in the MRG 2.1 realtime kernel had faulty support for the network adapter PCI ID 14e4:168e and did not work correctly. The bnx2x driver was updated to include support for this network adapter. (BZ#839037) Users should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.0.36-rt57, and correct these issues. The system must be rebooted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2012-1150.html Risk factor : Medium
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2390 USN-1515-1 http://www.ubuntu.com/usn/USN-1515-1 USN-1535-1 http://www.ubuntu.com/usn/USN-1535-1 [oss-security] 20120523 Re: CVE Request -- kernel: huge pages: memory leak on mmap failure http://www.openwall.com/lists/oss-security/2012/05/23/14 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c50ac050811d6485616a193eb0f37bfbd191cc89 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.2 https://bugzilla.redhat.com/show_bug.cgi?id=824345 https://github.com/torvalds/linux/commit/c50ac050811d6485616a193eb0f37bfbd191cc89 Common Vulnerability Exposure (CVE) ID: CVE-2012-3375 1027237 http://www.securitytracker.com/id?1027237 51164 http://secunia.com/advisories/51164 USN-1529-1 http://ubuntu.com/usn/usn-1529-1 [oss-security] 20120704 Re: CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP http://www.openwall.com/lists/oss-security/2012/07/04/2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13d518074a952d33d47c428419693f63389547e9 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24 https://bugzilla.redhat.com/show_bug.cgi?id=837502 https://downloads.avaya.com/css/P8/documents/100165733 https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com