Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.66670
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2009:1672
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2009:1672.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a system with SELinux enforced was more permissive in allowing local
users in the unconfined_t domain to map low memory areas even if the
mmap_min_addr restriction was enabled. This could aid in the local
exploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)

* a NULL pointer dereference flaw was found in each of the following
functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could
be released by other processes before it is used to update the pipe's
reader and writer counters. This could lead to a local denial of service or
privilege escalation. (CVE-2009-3547, Important)

This update also fixes the following bug:

* a bug in the IPv6 implementation in the Linux kernel could have caused an
unbalanced reference count. When using network bonding, this bug may have
caused a hang when shutting the system down via shutdown -h, or prevented
the network service from being stopped via service network stop.
(BZ#538409)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-1672.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-20481
http://kbase.redhat.com/faq/docs/DOC-18042

Risk factor : High

CVSS Score:
7.2

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2695
BugTraq ID: 36051
http://www.securityfocus.com/bid/36051
Debian Security Information: DSA-2005 (Google Search)
http://www.debian.org/security/2010/dsa-2005
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html
http://twitter.com/spendergrsec/statuses/3303390960
http://www.openwall.com/lists/oss-security/2009/08/17/4
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7144
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9882
RedHat Security Advisories: RHSA-2009:1540
https://rhn.redhat.com/errata/RHSA-2009-1540.html
RedHat Security Advisories: RHSA-2009:1548
https://rhn.redhat.com/errata/RHSA-2009-1548.html
http://www.redhat.com/support/errata/RHSA-2009-1672.html
http://secunia.com/advisories/36501
http://secunia.com/advisories/37105
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://www.ubuntu.com/usn/USN-852-1
http://www.vupen.com/english/advisories/2010/0528
Common Vulnerability Exposure (CVE) ID: CVE-2009-3547
BugTraq ID: 36901
http://www.securityfocus.com/bid/36901
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (Google Search)
http://www.securityfocus.com/archive/1/512019/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:329
http://lkml.org/lkml/2009/10/14/184
http://lkml.org/lkml/2009/10/21/42
http://marc.info/?l=oss-security&m=125724568017045&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327
RedHat Security Advisories: RHSA-2009:1541
https://rhn.redhat.com/errata/RHSA-2009-1541.html
RedHat Security Advisories: RHSA-2009:1550
https://rhn.redhat.com/errata/RHSA-2009-1550.html
http://secunia.com/advisories/37351
http://secunia.com/advisories/38017
SuSE Security Announcement: SUSE-SA:2009:054 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
SuSE Security Announcement: SUSE-SA:2009:056 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
SuSE Security Announcement: SUSE-SA:2010:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
SuSE Security Announcement: SUSE-SA:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://www.ubuntu.com/usn/usn-864-1
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.