| Descripción: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.
Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
* A flaw was found in sctp_packet_config() in the Linux kernel's Stream
Control Transmission Protocol (SCTP) implementation. A remote attacker
could use this flaw to cause a denial of service. (CVE-2010-3432,
Important)
* A missing integer overflow check was found in snd_ctl_new() in the Linux
kernel's sound subsystem. A local, unprivileged user on a 32-bit system
could use this flaw to cause a denial of service or escalate their
privileges. (CVE-2010-3442, Important)
* A heap overflow flaw in the Linux kernel's Transparent Inter-Process
Communication protocol (TIPC) implementation could allow a local,
unprivileged user to escalate their privileges. (CVE-2010-3859, Important)
* An integer overflow flaw was found in the Linux kernel's Reliable
Datagram Sockets (RDS) protocol implementation. A local, unprivileged user
could use this flaw to cause a denial of service or escalate their
privileges. (CVE-2010-3865, Important)
* A flaw was found in the Xenbus code for the unified block-device I/O
interface back end. A privileged guest user could use this flaw to cause a
denial of service on the host system running the Xen hypervisor.
(CVE-2010-3699, Moderate)
* Missing sanity checks were found in setup_arg_pages() in the Linux
kernel. When making the size of the argument and environment area on the
stack very large, it could trigger a BUG_ON(), resulting in a local denial
of service. (CVE-2010-3858, Moderate)
* A flaw was found in inet_csk_diag_dump() in the Linux kernel's module for
monitoring the sockets of INET transport protocols. By sending a netlink
message with certain bytecode, a local, unprivileged user could cause a
denial of service. (CVE-2010-3880, Moderate)
* Missing sanity checks were found in gdth_ioctl_alloc() in the gdth driver
in the Linux kernel. A local user with access to '/dev/gdth' on a 64-bit
system could use this flaw to cause a denial of service or escalate their
privileges. (CVE-2010-4157, Moderate)
* The fix for Red Hat Bugzilla bug 484590 as provided in RHSA-2009:1243
introduced a regression. A local, unprivileged user could use this flaw to
cause a denial of service. (CVE-2010-4161, Moderate)
* A NULL pointer dereference flaw was found in the Bluetooth HCI UART
driver in the Linux kernel. A local, unprivileged user could use this flaw
to cause a denial of service. (CVE-2010-4242, Moderate)
* It was found that a malic ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
kernel on CentOS 5
Solution:
Please install the updated packages.
CVSS Score:
7.8
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
