Test ID:	1.3.6.1.4.1.25623.1.0.66757
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2010:0041
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2010:0041. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially-crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) * a flaw was found in the FUSE implementation in the Linux kernel. When a system is low on memory, fuse_put_request() could dereference an invalid pointer, possibly leading to a local denial of service or privilege escalation. (CVE-2009-4021, Important) * a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important) * a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with a certain revision of the network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important) These updated packages also include other bug fixes. Users are directed to the Red Hat Enterprise MRG 1.2 Release Notes for information on those fixes, available shortly from: http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/ Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0041.html http://www.redhat.com/security/updates/classification/#important http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/ Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3080 37068 http://www.securityfocus.com/bid/37068 37435 http://secunia.com/advisories/37435 37720 http://secunia.com/advisories/37720 37909 http://secunia.com/advisories/37909 38017 http://secunia.com/advisories/38017 38276 http://secunia.com/advisories/38276 DSA-2005 http://www.debian.org/security/2010/dsa-2005 FEDORA-2009-13098 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html MDVSA-2010:030 http://www.mandriva.com/security/advisories?name=MDVSA-2010:030 MDVSA-2011:051 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 RHSA-2010:0041 http://www.redhat.com/support/errata/RHSA-2010-0041.html RHSA-2010:0046 https://rhn.redhat.com/errata/RHSA-2010-0046.html RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html RHSA-2010:0882 http://www.redhat.com/support/errata/RHSA-2010-0882.html SUSE-SA:2009:061 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html SUSE-SA:2009:064 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html SUSE-SA:2010:001 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html SUSE-SA:2010:005 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html SUSE-SA:2010:013 http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html USN-864-1 http://www.ubuntu.com/usn/usn-864-1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0 http://support.avaya.com/css/P8/documents/100073666 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8 http://www.vmware.com/security/advisories/VMSA-2011-0009.html oval:org.mitre.oval:def:10989 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989 oval:org.mitre.oval:def:12862 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862 oval:org.mitre.oval:def:7101 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101 Common Vulnerability Exposure (CVE) ID: CVE-2009-4021 37069 http://www.securityfocus.com/bid/37069 SUSE-SA:2010:012 http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html [oss-security] 20091119 CVE request: kernel: fuse: prevent fuse_put_request on invalid pointer http://www.openwall.com/lists/oss-security/2009/11/19/1 [oss-security] 20091124 Re: CVE request: kernel: fuse: prevent fuse_put_request on invalid pointer http://www.openwall.com/lists/oss-security/2009/11/24/5 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f60311d5f7670d9539b424e4ed8b5c0872fc9e83 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc7 https://bugzilla.redhat.com/show_bug.cgi?id=538734 kernel-fusedirectio-dos(54358) https://exchange.xforce.ibmcloud.com/vulnerabilities/54358 oval:org.mitre.oval:def:10516 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10516 oval:org.mitre.oval:def:6955 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6955 Common Vulnerability Exposure (CVE) ID: CVE-2009-4536 BugTraq ID: 37519 http://www.securityfocus.com/bid/37519 Debian Security Information: DSA-1996 (Google Search) http://www.debian.org/security/2010/dsa-1996 Debian Security Information: DSA-2005 (Google Search) http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/ http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html http://www.openwall.com/lists/oss-security/2009/12/28/1 http://www.openwall.com/lists/oss-security/2009/12/29/2 http://www.openwall.com/lists/oss-security/2009/12/31/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10607 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12440 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13226 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7453 http://www.redhat.com/support/errata/RHSA-2010-0019.html http://www.redhat.com/support/errata/RHSA-2010-0020.html http://www.redhat.com/support/errata/RHSA-2010-0053.html RedHat Security Advisories: RHSA-2010:0095 http://www.redhat.com/support/errata/RHSA-2010-0111.html http://securitytracker.com/id?1023420 http://secunia.com/advisories/35265 http://secunia.com/advisories/38031 http://secunia.com/advisories/38296 http://secunia.com/advisories/38492 http://secunia.com/advisories/38610 http://secunia.com/advisories/38779 SuSE Security Announcement: SUSE-SA:2010:005 (Google Search) SuSE Security Announcement: SUSE-SA:2010:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html SuSE Security Announcement: SUSE-SA:2010:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html SuSE Security Announcement: SUSE-SA:2010:012 (Google Search) SuSE Security Announcement: SUSE-SA:2010:013 (Google Search) SuSE Security Announcement: SUSE-SA:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html XForce ISS Database: kernel-e1000main-security-bypass(55648) https://exchange.xforce.ibmcloud.com/vulnerabilities/55648 Common Vulnerability Exposure (CVE) ID: CVE-2009-4537 BugTraq ID: 37521 http://www.securityfocus.com/bid/37521 Debian Security Information: DSA-2053 (Google Search) http://www.debian.org/security/2010/dsa-2053 http://twitter.com/dakami/statuses/7104238406 http://marc.info/?l=linux-netdev&m=126202972828626&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439 http://securitytracker.com/id?1023419 http://secunia.com/advisories/39742 http://secunia.com/advisories/39830 http://secunia.com/advisories/40645 SuSE Security Announcement: SUSE-SA:2010:023 (Google Search) http://www.novell.com/linux/security/advisories/2010_23_kernel.html SuSE Security Announcement: SUSE-SA:2010:031 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://www.vupen.com/english/advisories/2010/1857 XForce ISS Database: kernel-r8169-dos(55647) https://exchange.xforce.ibmcloud.com/vulnerabilities/55647 Common Vulnerability Exposure (CVE) ID: CVE-2009-4538 BugTraq ID: 37523 http://www.securityfocus.com/bid/37523 http://www.mandriva.com/security/advisories?name=MDVSA-2010:066 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9702 XForce ISS Database: kernel-edriver-unspecified(55645) https://exchange.xforce.ibmcloud.com/vulnerabilities/55645
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.