Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67366
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0398
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0398.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a flaw was found in the Unidirectional Lightweight Encapsulation (ULE)
implementation. A remote attacker could send a specially-crafted ISO
MPEG-2 Transport Stream (TS) frame to a target system, resulting in an
infinite loop (denial of service). (CVE-2010-1086, Important)

* on AMD64 systems, it was discovered that the kernel did not ensure the
ELF interpreter was available before making a call to the SET_PERSONALITY
macro. A local attacker could use this flaw to cause a denial of service by
running a 32-bit application that attempts to execute a 64-bit application.
(CVE-2010-0307, Moderate)

* a flaw was found in the kernel connector implementation. A local,
unprivileged user could trigger this flaw by sending an arbitrary number
of notification requests using specially-crafted netlink messages,
resulting in a denial of service. (CVE-2010-0410, Moderate)

* a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in
the Xen hypervisor implementation. An unprivileged guest user could use
this flaw to trick the hypervisor into emulating a certain instruction,
which could crash the guest (denial of service). (CVE-2010-0730, Moderate)

* a divide-by-zero flaw was found in the azx_position_ok() function in the
driver for Intel High Definition Audio, snd-hda-intel. A local,
unprivileged user could trigger this flaw to cause a kernel crash (denial
of service). (CVE-2010-1085, Moderate)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0398.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0307
BugTraq ID: 38027
http://www.securityfocus.com/bid/38027
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Debian Security Information: DSA-1996 (Google Search)
http://www.debian.org/security/2010/dsa-1996
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:066
http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20100202,15754.html
http://marc.info/?l=linux-mm&m=126466407724382&w=2
http://www.openwall.com/lists/oss-security/2010/02/01/1
http://www.openwall.com/lists/oss-security/2010/02/01/5
http://www.openwall.com/lists/oss-security/2010/02/04/1
http://www.openwall.com/lists/oss-security/2010/02/04/9
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10870
RedHat Security Advisories: RHSA-2010:0146
https://rhn.redhat.com/errata/RHSA-2010-0146.html
http://www.redhat.com/support/errata/RHSA-2010-0398.html
http://www.redhat.com/support/errata/RHSA-2010-0771.html
http://secunia.com/advisories/38492
http://secunia.com/advisories/38779
http://secunia.com/advisories/38922
http://secunia.com/advisories/39649
http://secunia.com/advisories/43315
SuSE Security Announcement: SUSE-SA:2010:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html
http://www.ubuntu.com/usn/USN-914-1
http://www.vupen.com/english/advisories/2010/0638
Common Vulnerability Exposure (CVE) ID: CVE-2010-0410
BugTraq ID: 38058
http://www.securityfocus.com/bid/38058
Debian Security Information: DSA-2005 (Google Search)
http://www.debian.org/security/2010/dsa-2005
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035070.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:088
http://www.openwall.com/lists/oss-security/2010/02/03/1
http://www.openwall.com/lists/oss-security/2010/02/03/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10903
http://www.redhat.com/support/errata/RHSA-2010-0161.html
http://secunia.com/advisories/38557
http://secunia.com/advisories/39033
http://secunia.com/advisories/39742
SuSE Security Announcement: SUSE-SA:2010:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html
SuSE Security Announcement: SUSE-SA:2010:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html
SuSE Security Announcement: SUSE-SA:2010:023 (Google Search)
http://www.novell.com/linux/security/advisories/2010_23_kernel.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-0730
BugTraq ID: 39979
http://www.securityfocus.com/bid/39979
http://www.openwall.com/lists/oss-security/2010/05/07/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11430
Common Vulnerability Exposure (CVE) ID: CVE-2010-1085
BugTraq ID: 38348
http://www.securityfocus.com/bid/38348
http://nctritech.net/bugreport.txt
http://lkml.org/lkml/2010/2/5/322
http://www.openwall.com/lists/oss-security/2010/02/22/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10027
http://www.redhat.com/support/errata/RHSA-2010-0394.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-1086
BugTraq ID: 38479
http://www.securityfocus.com/bid/38479
Debian Security Information: DSA-2053 (Google Search)
http://www.debian.org/security/2010/dsa-2053
http://www.openwall.com/lists/oss-security/2010/03/01/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10569
http://secunia.com/advisories/39830
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.