ID de Prueba:	1.3.6.1.4.1.25623.1.0.871794
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for kernel RHSA-2017:0892-01
Resumen:	The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory. Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important) * A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. (CVE-2016-7910, Moderate) Red Hat would like to thank Alexander Popov for reporting CVE-2017-2636. Bug Fix(es): * Previously, Chelsio firmware included an incorrectly-formatted firmware bin file. As a consequence, the firmware could not be flashed. This update provides a firmware bin file that is formatted correctly. As a result, Chelsio firmware can now be flashed successfully. (BZ#1433865) * When multiple simultaneous processes attempted to read from the /proc/stat file, spinlock overhead was generated on Non-Uniform Memory Access (NUMA) systems. Consequently, a large amount of CPU was consumed. With this update, the underlying source code has been fixed to avoid taking spinlock when the interrupt line does not exist. As a result, the spinlock overhead is now generated less often, and multiple simultaneous processes can now read /proc/stat without consuming a large amount of CPU. (BZ#1428106) Affected Software/OS: kernel on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7910 BugTraq ID: 94135 http://www.securityfocus.com/bid/94135 RedHat Security Advisories: RHSA-2017:0892 https://access.redhat.com/errata/RHSA-2017:0892 RedHat Security Advisories: RHSA-2017:1297 https://access.redhat.com/errata/RHSA-2017:1297 RedHat Security Advisories: RHSA-2017:1298 https://access.redhat.com/errata/RHSA-2017:1298 RedHat Security Advisories: RHSA-2017:1308 https://access.redhat.com/errata/RHSA-2017:1308 Common Vulnerability Exposure (CVE) ID: CVE-2017-2636 1037963 http://www.securitytracker.com/id/1037963 96732 http://www.securityfocus.com/bid/96732 DSA-3804 http://www.debian.org/security/2017/dsa-3804 RHSA-2017:0892 RHSA-2017:0931 https://access.redhat.com/errata/RHSA-2017:0931 RHSA-2017:0932 https://access.redhat.com/errata/RHSA-2017:0932 RHSA-2017:0933 https://access.redhat.com/errata/RHSA-2017:0933 RHSA-2017:0986 https://access.redhat.com/errata/RHSA-2017:0986 RHSA-2017:1125 https://access.redhat.com/errata/RHSA-2017:1125 RHSA-2017:1126 https://access.redhat.com/errata/RHSA-2017:1126 RHSA-2017:1232 https://access.redhat.com/errata/RHSA-2017:1232 RHSA-2017:1233 https://access.redhat.com/errata/RHSA-2017:1233 RHSA-2017:1488 https://access.redhat.com/errata/RHSA-2017:1488 [oss-security] 20170307 Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc http://www.openwall.com/lists/oss-security/2017/03/07/6 https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html https://bugzilla.redhat.com/show_bug.cgi?id=1428319
Copyright	Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.