| Descripción: | Description:
The remote host is missing updates announced in
advisory RHSA-2011:0883.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update includes backported fixes for security issues. These issues,
except for CVE-2011-1182, only affected users of Red Hat Enterprise Linux
6.0 Extended Update Support as they have already been addressed for users
of Red Hat Enterprise Linux 6 in the 6.1 update, RHSA-2011:0542.
Security fixes:
* Buffer overflow flaws were found in the Linux kernel's Management Module
Support for Message Passing Technology (MPT) based controllers. A local,
unprivileged user could use these flaws to cause a denial of service, an
information leak, or escalate their privileges. (CVE-2011-1494,
CVE-2011-1495, Important)
* A flaw was found in the Linux kernel's networking subsystem. If the
number of packets received exceeded the receiver's buffer limit, they were
queued in a backlog, consuming memory, instead of being discarded. A remote
attacker could abuse this flaw to cause a denial of service (out-of-memory
condition). (CVE-2010-4251, CVE-2010-4805, Moderate)
* A flaw was found in the Linux kernel's Transparent Huge Pages (THP)
implementation. A local, unprivileged user could abuse this flaw to allow
the user stack (when it is using huge pages) to grow and cause a denial of
service. (CVE-2011-0999, Moderate)
* A flaw in the Linux kernel's Event Poll (epoll) implementation could
allow a local, unprivileged user to cause a denial of service.
(CVE-2011-1082, Moderate)
* An inconsistency was found in the interaction between the Linux kernel's
method for allocating NFSv4 (Network File System version 4) ACL data and
the method by which it was freed. This inconsistency led to a kernel panic
which could be triggered by a local, unprivileged user with files owned by
said user on an NFSv4 share. (CVE-2011-1090, Moderate)
* It was found that some structure padding and reserved fields in certain
data structures in KVM (Kernel-based Virtual Machine) were not initialized
properly before being copied to user-space. A privileged host user with
access to /dev/kvm could use this flaw to leak kernel stack memory to
user-space. (CVE-2010-3881, Low)
* A missing validation check was found in the Linux kernel's
mac_partition() implementation, used for supporting file systems created on
Mac OS operating systems. A local attacker could use this flaw to cause a
denial of service by mounting a disk that contains specially-crafted
partitions. (CVE-2011-1010, Low)
* A buffer overflow flaw in the DEC Alpha OSF partition implementation in
the Linux kernel could allow a local attacker to cause an information leak
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1163, Low)
* Missing validations of null-terminated string data structure elements in
the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),
and do_arpt_get_ctl() functions could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,
CVE-2011-1171, CVE-2011-1172, Low)
* A missing validation check was found in the Linux kernel's signals
implementation. A local, unprivileged user could use this flaw to send
signals via the sigqueueinfo system call, with the si_code set to SI_TKILL
and with spoofed process and user IDs, to other processes. Note: This flaw
does not allow existing permission checks to be bypassed
signals can only
be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)
Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and
CVE-2011-1495
Nelson Elhage for reporting CVE-2011-1082
Vasiliy
Kulikov for reporting CVE-2010-3881, CVE-2011-1170, CVE-2011-1171, and
CVE-2011-1172
Timo Warns for reporting CVE-2011-1010 and CVE-2011-1163
and Julien Tinnes of the Google Security Team for reporting CVE-2011-1182.
This update also fixes three bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2011-0883.html
Risk factor : High
|
