Test ID:	1.3.6.1.4.1.25623.1.0.51973
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2005:945
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2005:945. The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system. The following vulnerabilities are being fixed in this update: 1. CVE-2005-0767 Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root. 2. CVE-2005-0209 Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments. 3. CVE-2005-0449 The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function. 4. CVE-2005-0210 Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of service (memory consumption) via certain packet fragments that are reassembled twice, which causes a data structure to be allocated twice. These other changes have also been made: - the base kernel has been upgraded to version 2.6.11. - the NVidia driver has been upgraded to version 7167 - DRBD has been upgraded to version 0.7.10 - the hsfmodem driver has been upgraded to version 7.18.00.03full - the slmodem driver has been upgraded to version 2.9.10 - the ndiswrapper driver has been upgraded to version 1.1 - lm_sensors has been upgraded to version 2.9.0[11] Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://linux.bkbits.net:8080/linux-2.6/cset@42088d17CO1mOAfgW4R46WRTm9gkwA http://linux.bkbits.net:8080/linux-2.6/gnupatch@41f59581p1swNaow4K1aBglV-q2jfQ http://linux.bkbits.net:8080/linux-2.6/gnupatch@41f8843a8ZMCNuP3meYAYnnXd3CO_g http://linux.bkbits.net:8080/linux-2.5/gnupatch@41fd96c39V0t4MxKFxE1aZn2f4b5UA http://linux.bkbits.net:8080/linux-2.5/gnupatch@41fdb84aBJklcjU85o1N1_dsch6HBw http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html http://bugzilla.conectiva.com.br/show_bug.cgi?id=13716 http://www.securityspace.com/smysecure/catid.html?in=CLA-2005:945 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000945 Risk factor : High CVSS Score: 7.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0767 Conectiva Linux advisory: CLA-2005:945 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10431 RedHat Security Advisories: RHSA-2005:366 https://usn.ubuntu.com/95-1/ Common Vulnerability Exposure (CVE) ID: CVE-2005-0209 BugTraq ID: 12598 http://www.securityfocus.com/bid/12598 Bugtraq: 20050315 [USN-95-1] Linux kernel vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=111091402626556&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11855 http://www.redhat.com/support/errata/RHSA-2005-420.html SuSE Security Announcement: SUSE-SA:2005:018 (Google Search) http://www.novell.com/linux/security/advisories/2005_18_kernel.html Common Vulnerability Exposure (CVE) ID: CVE-2005-0449 Debian Security Information: DSA-1017 (Google Search) http://www.debian.org/security/2006/dsa-1017 Debian Security Information: DSA-1018 (Google Search) http://www.debian.org/security/2006/dsa-1018 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 http://www.mandriva.com/security/advisories?name=MDKSA-2005:218 http://oss.sgi.com/archives/netdev/2005-01/msg01036.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10753 http://www.redhat.com/support/errata/RHSA-2005-283.html http://www.redhat.com/support/errata/RHSA-2005-284.html http://www.redhat.com/support/errata/RHSA-2005-293.html http://secunia.com/advisories/19369 http://secunia.com/advisories/19374 http://secunia.com/advisories/19607 SGI Security Advisory: 20060402-01-U ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U https://usn.ubuntu.com/82-1/ Common Vulnerability Exposure (CVE) ID: CVE-2005-0210 BugTraq ID: 12816 http://www.securityfocus.com/bid/12816 http://www.mandriva.com/security/advisories?name=MDKSA-2005:219 http://www.osvdb.org/14966 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10275 http://rhn.redhat.com/errata/RHSA-2005-366.html RedHat Security Advisories: RHSA-2005:663 http://rhn.redhat.com/errata/RHSA-2005-663.html http://secunia.com/advisories/14295 http://secunia.com/advisories/17002 http://secunia.com/advisories/17826 http://www.vupen.com/english/advisories/2005/1878
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.