| Summary: | The remote host is missing updates to the kernel announced in;advisory RHSA-2009:0331.;;This update addresses the following security issues:;; * a buffer overflow was found in the Linux kernel Partial Reliable Stream;Control Transmission Protocol (PR-SCTP) implementation. This could,;potentially, lead to a denial of service if a Forward-TSN chunk is received;with a large stream ID. (CVE-2009-0065, Important);; * a memory leak was found in keyctl handling. A local, unprivileged user;could use this flaw to deplete kernel memory, eventually leading to a;denial of service. (CVE-2009-0031, Important);; * a deficiency was found in the Remote BIOS Update (RBU) driver for Dell;systems. This could allow a local, unprivileged user to cause a denial of;service by reading zero bytes from the image_type or packet_size file in;/sys/devices/platform/dell_rbu/. (CVE-2009-0322, Important);; * a deficiency was found in the libATA implementation. This could,;potentially, lead to a denial of service. Note: by default, /dev/sg*;devices are accessible only to the root user. (CVE-2008-5700, Low);;This update also fixes a number of non-security related bugs.;For details, please visit the referenced advisories.;;All Red Hat Enterprise Linux 4 users should upgrade to these updated;packages, which contain backported patches to resolve these issues. The;system must be rebooted for this update to take effect. |
| Description: | Summary:
The remote host is missing updates to the kernel announced in
advisory RHSA-2009:0331.
This update addresses the following security issues:
* a buffer overflow was found in the Linux kernel Partial Reliable Stream
Control Transmission Protocol (PR-SCTP) implementation. This could,
potentially, lead to a denial of service if a Forward-TSN chunk is received
with a large stream ID. (CVE-2009-0065, Important)
* a memory leak was found in keyctl handling. A local, unprivileged user
could use this flaw to deplete kernel memory, eventually leading to a
denial of service. (CVE-2009-0031, Important)
* a deficiency was found in the Remote BIOS Update (RBU) driver for Dell
systems. This could allow a local, unprivileged user to cause a denial of
service by reading zero bytes from the image_type or packet_size file in
/sys/devices/platform/dell_rbu/. (CVE-2009-0322, Important)
* a deficiency was found in the libATA implementation. This could,
potentially, lead to a denial of service. Note: by default, /dev/sg*
devices are accessible only to the root user. (CVE-2008-5700, Low)
This update also fixes a number of non-security related bugs.
For details, please visit the referenced advisories.
All Red Hat Enterprise Linux 4 users should upgrade to these updated
packages, which contain backported patches to resolve these issues. The
system must be rebooted for this update to take effect.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
