ID de Prueba:	1.3.6.1.4.1.25623.1.0.71935
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2012:0116
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2012:0116. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate) * Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service. (CVE-2011-3347, Moderate) * A missing validation flaw was found in the Linux kernel's m_stop() implementation. A local, unprivileged user could use this flaw to trigger a denial of service. (CVE-2011-3637, Moderate) * A flaw was found in the Linux kernel in the way splitting two extents in ext4_ext_convert_to_initialized() worked. A local, unprivileged user with the ability to mount and unmount ext4 file systems could use this flaw to cause a denial of service. (CVE-2011-3638, Moderate) * A NULL pointer dereference flaw was found in the way the Linux kernel's key management facility handled user-defined key types. A local, unprivileged user could use the keyctl utility to cause a denial of service. (CVE-2011-4110, Moderate) Red Hat would like to thank Kees Cook for reporting CVE-2011-1020 Somnath Kotur for reporting CVE-2011-3347 and Zheng Liu for reporting CVE-2011-3638. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2012-0116.html Risk factor : Medium
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1020 20110122 Proc filesystem and SUID-Binaries http://seclists.org/fulldisclosure/2011/Jan/421 43496 http://secunia.com/advisories/43496 46567 http://www.securityfocus.com/bid/46567 8107 http://securityreason.com/securityalert/8107 [linux-kernel] 20110207 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec https://lkml.org/lkml/2011/2/7/414 https://lkml.org/lkml/2011/2/7/474 [linux-kernel] 20110207 [SECURITY] /proc/$pid/ leaks contents across setuid exec https://lkml.org/lkml/2011/2/7/368 [linux-kernel] 20110208 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec https://lkml.org/lkml/2011/2/7/404 https://lkml.org/lkml/2011/2/7/466 [linux-kernel] 20110209 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec https://lkml.org/lkml/2011/2/10/21 https://lkml.org/lkml/2011/2/9/417 [oss-security] 20110224 CVE request: kernel: /proc/$pid/ leaks contents across setuid exec http://openwall.com/lists/oss-security/2011/02/24/18 [oss-security] 20110225 Re: CVE request: kernel: /proc/$pid/ leaks contents across setuid exec http://openwall.com/lists/oss-security/2011/02/25/2 http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/ kernel-procpid-security-bypass(65693) https://exchange.xforce.ibmcloud.com/vulnerabilities/65693 Common Vulnerability Exposure (CVE) ID: CVE-2011-3347 https://bugzilla.redhat.com/show_bug.cgi?id=736425 https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=fadca7bdc43b02f518585d9547019966415cadfd Common Vulnerability Exposure (CVE) ID: CVE-2011-3637 [oss-security] 20120206 CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access http://www.openwall.com/lists/oss-security/2012/02/06/1 http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=76597cd31470fa130784c78fadb4dab2e624a723 https://bugzilla.redhat.com/show_bug.cgi?id=747848 https://github.com/torvalds/linux/commit/76597cd31470fa130784c78fadb4dab2e624a723 Common Vulnerability Exposure (CVE) ID: CVE-2011-3638 [oss-security] 20111024 Re: CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops http://www.openwall.com/lists/oss-security/2011/10/24/2 http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3 https://bugzilla.redhat.com/show_bug.cgi?id=747942 https://github.com/torvalds/linux/commit/667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3 Common Vulnerability Exposure (CVE) ID: CVE-2011-4110 47754 http://secunia.com/advisories/47754 50755 http://www.securityfocus.com/bid/50755 HPSBGN02970 http://marc.info/?l=bugtraq&m=139447903326211&w=2 USN-1324-1 http://www.ubuntu.com/usn/USN-1324-1 USN-1328-1 http://www.ubuntu.com/usn/USN-1328-1 USN-1344-1 http://www.ubuntu.com/usn/USN-1344-1 [linux-kernel] 20111115 [PATCH] KEYS: Fix a NULL pointer deref in the user-defined key type https://lkml.org/lkml/2011/11/15/363 [oss-security] 20111121 CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type http://www.openwall.com/lists/oss-security/2011/11/21/19 [oss-security] 20111121 Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type http://www.openwall.com/lists/oss-security/2011/11/22/6 [oss-security] 20111122 Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type http://www.openwall.com/lists/oss-security/2011/11/22/5 https://bugzilla.redhat.com/show_bug.cgi?id=751297
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.