| Description: | Summary:
The remote host is missing an update to kernel
announced via advisory FEDORA-2009-0816.
Note: This VT has been deprecated and is therefore no longer functional.
Vulnerability Insight:
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
Update Information:
Update to kernel 2.6.27.12
Includes security fixes:
CVE-2009-0029 Linux Kernel insecure 64 bit system call argument passing
CVE-2009-0065 kernel: sctp: memory overflow when FWD-TSN chunk is
received with bad stream ID
Also fixes bug 478299, reported against Fedora 10:
AVC denials on kernel 2.6.27.9-159.fc10.x86_64
Reverts ALSA driver to the version that is upstream in kernel 2.6.27.
This should fix lack of audio on headphone outputs for some notebooks.
ChangeLog:
* Mon Jan 19 2009 Chuck Ebbert 2.6.27.12-78.2.8
- Fix CVE-2009-0065: SCTP buffer overflow
* Mon Jan 19 2009 Chuck Ebbert 2.6.27.12-78.2.5
- Revert ALSA to what is upstream in 2.6.27.
* Mon Jan 19 2009 Kyle McMartin 2.6.27.12-78.2.4
- Linux 2.6.27.12
* Mon Jan 19 2009 Kyle McMartin
- Roll in xen changes to execshield diff as in later kernels.
(harmless on F-9 as xen was still separate.)
* Mon Jan 19 2009 Kyle McMartin
- execshield fixes: should no longer generate spurious handled GPFs,
fixes randomization of executables. also some clean ups.
* Fri Jan 16 2009 Chuck Ebbert 2.6.27.12-78.2.3.rc2
- Linux 2.6.27.12-rc2
Solution:
Apply the appropriate updates.
This update can be installed with the yum update program. Use
su -c 'yum update kernel' at the command line.
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
