CentOS Local Security Checks : CentOS Update for kernel CESA-2012:0052 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881102

Categoría: CentOS Local Security Checks

Título: CentOS Update for kernel CESA-2012:0052 centos6

Resumen: The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* It was found that permissions were not checked properly in the Linux
kernel when handling the /proc/[pid]/mem writing functionality. A local,
unprivileged user could use this flaw to escalate their privileges. Refer
to Red Hat Knowledgebase article DOC-69129, linked to in the References,
for further information. (CVE-2012-0056, Important)

Red Hat would like to thank Jüri Aedla for reporting this issue.

This update fixes the following bugs:

* The RHSA-2011:1849 kernel update introduced a bug in the Linux kernel
scheduler, causing a 'WARNING: at kernel/sched.c:5915 thread_return'
message and a call trace to be logged. This message was harmless, and was
not due to any system malfunctions or adverse behavior. With this update,
the WARN_ON_ONCE() call in the scheduler that caused this harmless message
has been removed. (BZ#768288)

* The RHSA-2011:1530 kernel update introduced a regression in the way
the Linux kernel maps ELF headers for kernel modules into kernel memory.
If a third-party kernel module is compiled on a Red Hat Enterprise Linux
system with a kernel prior to RHSA-2011:1530, then loading that module on
a system with RHSA-2011:1530 kernel would result in corruption of one byte
in the memory reserved for the module. In some cases, this could prevent
the module from functioning correctly. (BZ#769595)

* On some SMP systems the tsc may erroneously be marked as unstable during
early system boot or while the system is under heavy load. A 'Clocksource
tsc unstable' message was logged when this occurred. As a result the system
would switch to the slower access, but higher precision HPET clock.

The 'tsc=reliable' kernel parameter is supposed to avoid this problem by
indicating that the system has a known good clock, however, the parameter
only affected run time checks. A fix has been put in to avoid the boot
time checks so that the TSC remains as the clock for the duration of
system runtime. (BZ#755867)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Affected Software/OS:
kernel on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-0056
47708
http://secunia.com/advisories/47708
51625
http://www.securityfocus.com/bid/51625
RHSA-2012:0052
http://www.redhat.com/support/errata/RHSA-2012-0052.html
RHSA-2012:0061
http://www.redhat.com/support/errata/RHSA-2012-0061.html
USN-1336-1
http://ubuntu.com/usn/usn-1336-1
VU#470151
http://www.kb.cert.org/vuls/id/470151
[oss-security] 20120117 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling
http://www.openwall.com/lists/oss-security/2012/01/18/2
[oss-security] 20120118 CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling
http://www.openwall.com/lists/oss-security/2012/01/18/1
[oss-security] 20120119 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling
http://www.openwall.com/lists/oss-security/2012/01/19/4
[oss-security] 20120122 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling
http://www.openwall.com/lists/oss-security/2012/01/22/4
http://blog.zx2c4.com/749
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2
https://bugzilla.redhat.com/show_bug.cgi?id=782642

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881102
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for kernel CESA-2012:0052 centos6
Resumen:	The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory. Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * It was found that permissions were not checked properly in the Linux kernel when handling the /proc/[pid]/mem writing functionality. A local, unprivileged user could use this flaw to escalate their privileges. Refer to Red Hat Knowledgebase article DOC-69129, linked to in the References, for further information. (CVE-2012-0056, Important) Red Hat would like to thank Jüri Aedla for reporting this issue. This update fixes the following bugs: * The RHSA-2011:1849 kernel update introduced a bug in the Linux kernel scheduler, causing a 'WARNING: at kernel/sched.c:5915 thread_return' message and a call trace to be logged. This message was harmless, and was not due to any system malfunctions or adverse behavior. With this update, the WARN_ON_ONCE() call in the scheduler that caused this harmless message has been removed. (BZ#768288) * The RHSA-2011:1530 kernel update introduced a regression in the way the Linux kernel maps ELF headers for kernel modules into kernel memory. If a third-party kernel module is compiled on a Red Hat Enterprise Linux system with a kernel prior to RHSA-2011:1530, then loading that module on a system with RHSA-2011:1530 kernel would result in corruption of one byte in the memory reserved for the module. In some cases, this could prevent the module from functioning correctly. (BZ#769595) * On some SMP systems the tsc may erroneously be marked as unstable during early system boot or while the system is under heavy load. A 'Clocksource tsc unstable' message was logged when this occurred. As a result the system would switch to the slower access, but higher precision HPET clock. The 'tsc=reliable' kernel parameter is supposed to avoid this problem by indicating that the system has a known good clock, however, the parameter only affected run time checks. A fix has been put in to avoid the boot time checks so that the TSC remains as the clock for the duration of system runtime. (BZ#755867) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. Affected Software/OS: kernel on CentOS 6 Solution: Please install the updated packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0056 47708 http://secunia.com/advisories/47708 51625 http://www.securityfocus.com/bid/51625 RHSA-2012:0052 http://www.redhat.com/support/errata/RHSA-2012-0052.html RHSA-2012:0061 http://www.redhat.com/support/errata/RHSA-2012-0061.html USN-1336-1 http://ubuntu.com/usn/usn-1336-1 VU#470151 http://www.kb.cert.org/vuls/id/470151 [oss-security] 20120117 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling http://www.openwall.com/lists/oss-security/2012/01/18/2 [oss-security] 20120118 CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling http://www.openwall.com/lists/oss-security/2012/01/18/1 [oss-security] 20120119 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling http://www.openwall.com/lists/oss-security/2012/01/19/4 [oss-security] 20120122 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling http://www.openwall.com/lists/oss-security/2012/01/22/4 http://blog.zx2c4.com/749 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2 https://bugzilla.redhat.com/show_bug.cgi?id=782642
Copyright	Copyright (C) 2012 Greenbone AG