Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64736
Category:Fedora Local Security Checks
Title:Fedora Core 11 FEDORA-2009-9044 (kernel)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to kernel
announced via advisory FEDORA-2009-9044.

Update Information:

Security fixes:

- CVE-2009-2691: Information disclosure in proc filesystem
- CVE-2009-2848: execve: must clear current->child_tid
- CVE-2009-2849: md: null pointer dereference
- CVE-2009-2847: Information leak in do_sigaltstack

Restore missing LIRC drivers, dropped in previous release.
Backport upstream fixes that further improve the security of
mmap of low addresses. (CVE-2009-2695)

ChangeLog:

* Thu Sep 24(??!!) 2009 Chuck Ebbert 2.6.29.6-217.2.16
- Fix CVE-2009-2691: local information disclosure in /proc
* Fri Aug 21 2009 David Woodhouse
- Fix b43 on iMac G5 (#514787)
* Tue Aug 18 2009 Kyle McMartin
- CVE-2009-2848: execve: must clear current->clear_child_tid
- Cherry pick upstream commits 52dec22e739eec8f3a0154f768a599f5489048bd
which improve mmap_min_addr.
- CVE-2009-2849: md: avoid dereferencing null ptr when accessing suspend
sysfs attributes.
- CVE-2009-2847: do_sigaltstack: avoid copying 'stack_t' as a structure
to userspace

References:

[ 1 ] Bug #516171 - CVE-2009-2691 kernel: /proc/$pid/maps visible during initial setuid ELF loading
https://bugzilla.redhat.com/show_bug.cgi?id=516171
[ 2 ] Bug #515423 - CVE-2009-2848 kernel: execve: must clear current->clear_child_tid
https://bugzilla.redhat.com/show_bug.cgi?id=515423
[ 3 ] Bug #518132 - CVE-2009-2849 kernel: md: NULL pointer deref when accessing suspend_* sysfs attributes
https://bugzilla.redhat.com/show_bug.cgi?id=518132
[ 4 ] Bug #515392 - CVE-2009-2847 kernel: information leak in sigaltstack
https://bugzilla.redhat.com/show_bug.cgi?id=515392
[ 5 ] Bug #517830 - CVE-2009-2695 SELinux and mmap_min_addr
https://bugzilla.redhat.com/show_bug.cgi?id=517830

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update kernel' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9044

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2691
BugTraq ID: 36019
http://www.securityfocus.com/bid/36019
Debian Security Information: DSA-2005 (Google Search)
http://www.debian.org/security/2010/dsa-2005
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html
http://lkml.org/lkml/2009/6/23/652
http://lkml.org/lkml/2009/6/23/653
http://marc.info/?l=linux-kernel&m=124718946021193
http://marc.info/?l=linux-kernel&m=124718949821250
http://www.openwall.com/lists/oss-security/2009/08/11/1
RedHat Security Advisories: RHSA-2009:1540
https://rhn.redhat.com/errata/RHSA-2009-1540.html
http://secunia.com/advisories/36265
http://secunia.com/advisories/36501
http://www.vupen.com/english/advisories/2009/2246
XForce ISS Database: linux-kernel-mmformaps-info-disclosure(52401)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52401
Common Vulnerability Exposure (CVE) ID: CVE-2009-2848
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (Google Search)
http://www.securityfocus.com/archive/1/512019/100/0/threaded
http://article.gmane.org/gmane.linux.kernel/871942
http://www.openwall.com/lists/oss-security/2009/08/04/2
http://www.openwall.com/lists/oss-security/2009/08/05/10
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766
RedHat Security Advisories: RHSA-2009:1243
http://rhn.redhat.com/errata/RHSA-2009-1243.html
http://www.redhat.com/support/errata/RHSA-2009-1438.html
RedHat Security Advisories: RHSA-2009:1550
https://rhn.redhat.com/errata/RHSA-2009-1550.html
http://secunia.com/advisories/35983
http://secunia.com/advisories/36562
http://secunia.com/advisories/36759
http://secunia.com/advisories/37105
http://secunia.com/advisories/37351
http://secunia.com/advisories/37471
SuSE Security Announcement: SUSE-SA:2009:054 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
SuSE Security Announcement: SUSE-SA:2009:056 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
SuSE Security Announcement: SUSE-SA:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://www.ubuntu.com/usn/USN-852-1
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: kernel-execve-dos(52899)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52899
Common Vulnerability Exposure (CVE) ID: CVE-2009-2849
http://xorl.wordpress.com/2009/07/21/linux-kernel-md-driver-null-pointer-dereference/
http://www.openwall.com/lists/oss-security/2009/07/24/1
http://www.openwall.com/lists/oss-security/2009/07/26/1
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10396
http://www.securitytracker.com/id?1022961
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://www.vupen.com/english/advisories/2010/0528
XForce ISS Database: kernel-mddriver-dos(52858)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52858
Common Vulnerability Exposure (CVE) ID: CVE-2009-2847
http://www.exploit-db.com/exploits/9352
http://www.openwall.com/lists/oss-security/2009/08/04/1
http://www.openwall.com/lists/oss-security/2009/08/05/1
http://www.openwall.com/lists/oss-security/2009/08/26/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10637
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8405
http://secunia.com/advisories/36136
Common Vulnerability Exposure (CVE) ID: CVE-2009-2695
BugTraq ID: 36051
http://www.securityfocus.com/bid/36051
http://twitter.com/spendergrsec/statuses/3303390960
http://www.openwall.com/lists/oss-security/2009/08/17/4
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7144
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9882
RedHat Security Advisories: RHSA-2009:1548
https://rhn.redhat.com/errata/RHSA-2009-1548.html
http://www.redhat.com/support/errata/RHSA-2009-1672.html
Common Vulnerability Exposure (CVE) ID: CVE-2009-2767
http://lkml.org/lkml/2009/8/4/28
http://lkml.org/lkml/2009/8/4/40
http://www.openwall.com/lists/oss-security/2009/08/06/2
http://secunia.com/advisories/36200
http://www.vupen.com/english/advisories/2009/2197
XForce ISS Database: linux-kernel-clocknanosleep-priv-escalation(52317)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52317
Common Vulnerability Exposure (CVE) ID: CVE-2009-2692
BugTraq ID: 36038
http://www.securityfocus.com/bid/36038
Bugtraq: 20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations (Google Search)
http://www.securityfocus.com/archive/1/505751/100/0/threaded
Bugtraq: 20090818 rPSA-2009-0121-1 kernel open-vm-tools (Google Search)
http://www.securityfocus.com/archive/1/505912/100/0/threaded
Debian Security Information: DSA-1865 (Google Search)
http://www.debian.org/security/2009/dsa-1865
http://www.exploit-db.com/exploits/19933
http://www.exploit-db.com/exploits/9477
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:233
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
http://grsecurity.net/~spender/wunderbar_emporium.tgz
http://zenthought.org/content/file/android-root-2009-08-16-source
http://www.openwall.com/lists/oss-security/2009/08/14/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657
RedHat Security Advisories: RHSA-2009:1222
http://rhn.redhat.com/errata/RHSA-2009-1222.html
RedHat Security Advisories: RHSA-2009:1223
http://rhn.redhat.com/errata/RHSA-2009-1223.html
http://www.redhat.com/support/errata/RHSA-2009-1233.html
http://secunia.com/advisories/36278
http://secunia.com/advisories/36289
http://secunia.com/advisories/36327
http://secunia.com/advisories/36430
http://secunia.com/advisories/37298
SuSE Security Announcement: SUSE-SR:2009:015 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://www.vupen.com/english/advisories/2009/2272
Common Vulnerability Exposure (CVE) ID: CVE-2009-1897
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0241.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0246.html
http://grsecurity.net/~spender/cheddar_bay.tgz
http://isc.sans.org/diary.html?storyid=6820
https://www.redhat.com/en/blog/security-flaws-caused-compiler-optimizations
http://lkml.org/lkml/2009/7/6/19
http://article.gmane.org/gmane.linux.network/124939
http://www.openwall.com/lists/oss-security/2009/07/17/1
http://secunia.com/advisories/35839
http://www.vupen.com/english/advisories/2009/1925
XForce ISS Database: linux-kernel-tunchrpoll-code-execution(51803)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51803
Common Vulnerability Exposure (CVE) ID: CVE-2009-1895
BugTraq ID: 35647
http://www.securityfocus.com/bid/35647
Bugtraq: 20090724 rPSA-2009-0111-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/505254/100/0/threaded
Debian Security Information: DSA-1844 (Google Search)
http://www.debian.org/security/2009/dsa-1844
Debian Security Information: DSA-1845 (Google Search)
http://www.debian.org/security/2009/dsa-1845
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00223.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00166.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html
http://www.osvdb.org/55807
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11768
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7826
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9453
http://www.redhat.com/support/errata/RHSA-2009-1193.html
http://secunia.com/advisories/35801
http://secunia.com/advisories/36045
http://secunia.com/advisories/36051
http://secunia.com/advisories/36054
http://secunia.com/advisories/36116
http://secunia.com/advisories/36131
http://www.ubuntu.com/usn/usn-807-1
http://www.vupen.com/english/advisories/2009/1866
Common Vulnerability Exposure (CVE) ID: CVE-2009-2406
BugTraq ID: 35851
http://www.securityfocus.com/bid/35851
Bugtraq: 20090728 [RISE-2009002] Linux eCryptfs parse_tag_11_packet Literal Data Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/505334/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
http://risesecurity.org/advisories/RISE-2009002.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8246
http://www.securitytracker.com/id?1022663
http://secunia.com/advisories/35985
http://www.vupen.com/english/advisories/2009/2041
Common Vulnerability Exposure (CVE) ID: CVE-2009-2407
BugTraq ID: 35850
http://www.securityfocus.com/bid/35850
Bugtraq: 20090728 [RISE-2009003] Linux eCryptfs parse_tag_3_packet Encrypted Key Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/505337/100/0/threaded
http://risesecurity.org/advisories/RISE-2009003.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11255
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8057
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.