Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0394
The remote host is missing updates announced in
advisory RHSA-2010:0394.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* RHSA-2009:1024 introduced a flaw in the ptrace implementation on Itanium
systems. ptrace_check_attach() was not called during certain ptrace()
requests. Under certain circumstances, a local, unprivileged user could use
this flaw to call ptrace() on a process they do not own, giving them
control over that process. (CVE-2010-0729, Important)

* a flaw was found in the kernel's Unidirectional Lightweight Encapsulation
(ULE) implementation. A remote attacker could send a specially-crafted ISO
MPEG-2 Transport Stream (TS) frame to a target system, resulting in a
denial of service. (CVE-2010-1086, Important)

* a use-after-free flaw was found in tcp_rcv_state_process() in the
kernel's TCP/IP protocol suite implementation. If a system using IPv6 had
the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker
could send an IPv6 packet to that system, causing a kernel panic.
(CVE-2010-1188, Important)

* a divide-by-zero flaw was found in azx_position_ok() in the Intel High
Definition Audio driver, snd-hda-intel. A local, unprivileged user could
trigger this flaw to cause a denial of service. (CVE-2010-1085, Moderate)

* an information leak flaw was found in the kernel's USB implementation.
Certain USB errors could result in an uninitialized kernel buffer being
sent to user-space. An attacker with physical access to a target system
could use this flaw to cause an information leak. (CVE-2010-1083, Low)

Red Hat would like to thank Ang Way Chuang for reporting CVE-2010-1086.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add these enhancements. The system must
be rebooted for this update to take effect.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0729
BugTraq ID: 38702
Common Vulnerability Exposure (CVE) ID: CVE-2010-1083
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
Debian Security Information: DSA-2053 (Google Search)
SuSE Security Announcement: SUSE-SA:2010:019 (Google Search)
SuSE Security Announcement: SUSE-SA:2010:023 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2010-1085
BugTraq ID: 38348
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2010-1086
BugTraq ID: 38479
Common Vulnerability Exposure (CVE) ID: CVE-2010-1188
BugTraq ID: 39016
CopyrightCopyright (c) 2010 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.