Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Fedora Local Security Checks
Title:Fedora Core 11 FEDORA-2009-9044 (kernel)
The remote host is missing an update to kernel
announced via advisory FEDORA-2009-9044.

Update Information:

Security fixes:

- CVE-2009-2691: Information disclosure in proc filesystem
- CVE-2009-2848: execve: must clear current->child_tid
- CVE-2009-2849: md: null pointer dereference
- CVE-2009-2847: Information leak in do_sigaltstack

Restore missing LIRC drivers, dropped in previous release.
Backport upstream fixes that further improve the security of
mmap of low addresses. (CVE-2009-2695)


* Thu Sep 24(??!!) 2009 Chuck Ebbert
- Fix CVE-2009-2691: local information disclosure in /proc
* Fri Aug 21 2009 David Woodhouse
- Fix b43 on iMac G5 (#514787)
* Tue Aug 18 2009 Kyle McMartin
- CVE-2009-2848: execve: must clear current->clear_child_tid
- Cherry pick upstream commits 52dec22e739eec8f3a0154f768a599f5489048bd
which improve mmap_min_addr.
- CVE-2009-2849: md: avoid dereferencing null ptr when accessing suspend
sysfs attributes.
- CVE-2009-2847: do_sigaltstack: avoid copying 'stack_t' as a structure
to userspace


[ 1 ] Bug #516171 - CVE-2009-2691 kernel: /proc/$pid/maps visible during initial setuid ELF loading
[ 2 ] Bug #515423 - CVE-2009-2848 kernel: execve: must clear current->clear_child_tid
[ 3 ] Bug #518132 - CVE-2009-2849 kernel: md: NULL pointer deref when accessing suspend_* sysfs attributes
[ 4 ] Bug #515392 - CVE-2009-2847 kernel: information leak in sigaltstack
[ 5 ] Bug #517830 - CVE-2009-2695 SELinux and mmap_min_addr

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update kernel' at the command line.
For more information, refer to Managing Software with yum,
available at

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2691
BugTraq ID: 36019
Debian Security Information: DSA-2005 (Google Search)
RedHat Security Advisories: RHSA-2009:1540
XForce ISS Database: linux-kernel-mmformaps-info-disclosure(52401)
Common Vulnerability Exposure (CVE) ID: CVE-2009-2848
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (Google Search)
RedHat Security Advisories: RHSA-2009:1243
RedHat Security Advisories: RHSA-2009:1550
SuSE Security Announcement: SUSE-SA:2009:054 (Google Search)
SuSE Security Announcement: SUSE-SA:2009:056 (Google Search)
SuSE Security Announcement: SUSE-SA:2010:012 (Google Search)
XForce ISS Database: kernel-execve-dos(52899)
Common Vulnerability Exposure (CVE) ID: CVE-2009-2849
XForce ISS Database: kernel-mddriver-dos(52858)
Common Vulnerability Exposure (CVE) ID: CVE-2009-2847
Common Vulnerability Exposure (CVE) ID: CVE-2009-2695
BugTraq ID: 36051
RedHat Security Advisories: RHSA-2009:1548
Common Vulnerability Exposure (CVE) ID: CVE-2009-2767
XForce ISS Database: linux-kernel-clocknanosleep-priv-escalation(52317)
Common Vulnerability Exposure (CVE) ID: CVE-2009-2692
BugTraq ID: 36038
Bugtraq: 20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations (Google Search)
Bugtraq: 20090818 rPSA-2009-0121-1 kernel open-vm-tools (Google Search)
Debian Security Information: DSA-1865 (Google Search)
RedHat Security Advisories: RHSA-2009:1222
RedHat Security Advisories: RHSA-2009:1223
SuSE Security Announcement: SUSE-SR:2009:015 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2009-1897
XForce ISS Database: linux-kernel-tunchrpoll-code-execution(51803)
Common Vulnerability Exposure (CVE) ID: CVE-2009-1895
BugTraq ID: 35647
Bugtraq: 20090724 rPSA-2009-0111-1 kernel (Google Search)
Debian Security Information: DSA-1844 (Google Search)
Debian Security Information: DSA-1845 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2009-2406
BugTraq ID: 35851
Bugtraq: 20090728 [RISE-2009002] Linux eCryptfs parse_tag_11_packet Literal Data Buffer Overflow Vulnerability (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2009-2407
BugTraq ID: 35850
Bugtraq: 20090728 [RISE-2009003] Linux eCryptfs parse_tag_3_packet Encrypted Key Buffer Overflow Vulnerability (Google Search)
CopyrightCopyright (c) 2009 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.