| Description: | Description:
The remote host is missing updates announced in
advisory RHSA-2004:689.
The Linux kernel handles the basic functions of the operating system.
This advisory includes fixes for several security issues:
Petr Vandrovec discovered a flaw in the 32bit emulation code affecting the
Linux 2.4 kernel on the AMD64 architecture. A local attacker could use
this flaw to gain privileges. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-1144 to this issue.
ISEC security research discovered multiple vulnerabilities in the IGMP
functionality which was backported in the Red Hat Enterprise Linux 3
kernels. These flaws could allow a local user to cause a denial of
service (crash) or potentially gain privileges. Where multicast
applications are being used on a system, these flaws may also allow remote
users to cause a denial of service. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-1137 to
this issue.
ISEC security research and Georgi Guninski independantly discovered a flaw
in the scm_send function in the auxiliary message layer. A local user
could create a carefully crafted auxiliary message which could cause a
denial of service (system hang). The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-1016 to this issue.
A floating point information leak was discovered in the ia64 architecture
context switch code. A local user could use this flaw to read register
values of other processes by setting the MFH bit. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0565 to this issue.
Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to
2.4.26. A local user could create a carefully crafted binary in such a
way that it would cause a denial of service (system crash). The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-1234 to this issue.
These packages also fix issues in the io_edgeport driver, and a memory leak
in ip_options_get.
Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.
All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2004-689.html
Risk factor : Critical
CVSS Score:
10.0
|
