Test ID:	1.3.6.1.4.1.25623.1.0.67963
Category:	Fedora Local Security Checks
Title:	Fedora Core 13 FEDORA-2010-14235 (kernel)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to the kernel announced via advisory FEDORA-2010-14235. References: [ 1 ] Bug #628770 - CVE-2010-2954 kernel: NULL deref and panic in irda https://bugzilla.redhat.com/show_bug.cgi?id=628770 [ 2 ] Bug #628434 - CVE-2010-2955 kernel: wireless: fix 64K kernel heap content leak via ioctl https://bugzilla.redhat.com/show_bug.cgi?id=628434 [ 3 ] Bug #627440 - CVE-2010-2960 keyctl_session_to_parent NULL deref system crash https://bugzilla.redhat.com/show_bug.cgi?id=627440 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update kernel' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2010-14235 Risk factor : High CVSS Score: 7.2
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2960 BugTraq ID: 42932 http://www.securityfocus.com/bid/42932 http://twitter.com/taviso/statuses/22777866582 http://www.openwall.com/lists/oss-security/2010/09/02/1 http://securitytracker.com/id?1024384 http://secunia.com/advisories/41263 SuSE Security Announcement: SUSE-SA:2010:050 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html SuSE Security Announcement: SUSE-SA:2011:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://www.ubuntu.com/usn/USN-1000-1 http://www.vupen.com/english/advisories/2011/0298 XForce ISS Database: linux-kernel-keyctl-dos(61557) https://exchange.xforce.ibmcloud.com/vulnerabilities/61557 Common Vulnerability Exposure (CVE) ID: CVE-2010-2954 41234 http://secunia.com/advisories/41234 41512 http://secunia.com/advisories/41512 ADV-2010-2266 http://www.vupen.com/english/advisories/2010/2266 ADV-2010-2430 http://www.vupen.com/english/advisories/2010/2430 ADV-2011-0298 SUSE-SA:2010:041 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html SUSE-SA:2010:050 SUSE-SA:2010:054 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html SUSE-SA:2011:007 USN-1000-1 [netdev] 20100830 [PATCH] irda: Correctly clean up self->ias_obj on irda_bind() failure. http://www.spinics.net/lists/netdev/msg139404.html [oss-security] 20100901 CVE-2010-2954 kernel: irda null ptr deref http://marc.info/?l=oss-security&m=128331787923285&w=2 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=628e300cccaa628d8fb92aa28cb7530a3d5f2257 http://twitter.com/taviso/statuses/22635752128 http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc3-next-20100901.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=628770 kernel-irdabind-dos(61522) https://exchange.xforce.ibmcloud.com/vulnerabilities/61522 Common Vulnerability Exposure (CVE) ID: CVE-2010-2955 41245 http://secunia.com/advisories/41245 42885 http://www.securityfocus.com/bid/42885 RHSA-2010:0771 http://www.redhat.com/support/errata/RHSA-2010-0771.html RHSA-2010:0842 http://www.redhat.com/support/errata/RHSA-2010-0842.html [linux-kernel] 20100827 [PATCH] wireless: fix 64K kernel heap content leak via ioctl http://lkml.org/lkml/2010/8/27/413 [linux-kernel] 20100830 Re: [PATCH] wireless extensions: fix kernel heap content leak http://lkml.org/lkml/2010/8/30/351 [linux-kernel] 20100830 Re: [PATCH] wireless: fix 64K kernel heap content leak via ioctl http://lkml.org/lkml/2010/8/30/127 [linux-kernel] 20100830 [PATCH] wireless extensions: fix kernel heap content leak http://lkml.org/lkml/2010/8/30/146 [oss-security] 20100831 CVE-2010-2955 kernel: wireless: fix 64K kernel heap content leak via ioctl http://www.openwall.com/lists/oss-security/2010/08/31/1 http://forums.grsecurity.net/viewtopic.php?f=3&t=2290 http://git.kernel.org/?p=linux/kernel/git/linville/wireless-2.6.git%3Ba=commit%3Bh=42da2f948d949efd0111309f5827bf0298bcc9a4 http://grsecurity.net/~spender/wireless-infoleak-fix2.patch http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc3-next-20100831.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=628434 Common Vulnerability Exposure (CVE) ID: CVE-2010-2524 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 43315 http://secunia.com/advisories/43315 MDVSA-2010:172 http://www.mandriva.com/security/advisories?name=MDVSA-2010:172 RHSA-2010:0610 http://www.redhat.com/support/errata/RHSA-2010-0610.html SUSE-SA:2010:040 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html [oss-security] 20100802 CVE-2010-2524 kernel: dns_resolver upcall security issue http://marc.info/?l=oss-security&m=128072090331700&w=2 [oss-security] 20100802 Re: CVE-2010-2524 kernel: dns_resolver upcall security issue http://marc.info/?l=oss-security&m=128078387328921&w=2 [oss-security] 20100803 Re: CVE-2010-2524 kernel: dns_resolver upcall security issue http://marc.info/?l=oss-security&m=128080755321157&w=2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=612166 Common Vulnerability Exposure (CVE) ID: CVE-2010-2478 41223 http://www.securityfocus.com/bid/41223 [netdev] 20100628 [PATCH net-2.6 1/2] ethtool: Fix potential kernel buffer overflow in ETHTOOL_GRXCLSRLALL http://article.gmane.org/gmane.linux.network/164869 [oss-security] 20100629 Re: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL http://www.openwall.com/lists/oss-security/2010/06/29/3 [oss-security] 20100629 kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL http://www.openwall.com/lists/oss-security/2010/06/29/1 [oss-security] 20100630 Re: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL http://www.openwall.com/lists/oss-security/2010/06/30/17 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db048b69037e7fa6a7d9e95a1271a50dc08ae233 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.7 https://bugzilla.redhat.com/show_bug.cgi?id=608950 Common Vulnerability Exposure (CVE) ID: CVE-2010-2071 [linux-kernel] 20100518 [PATCH] btrfs: should add a permission check for setfacl http://lkml.org/lkml/2010/5/17/544 [oss-security] 20100611 CVE request - kernel: btrfs: prevent users from setting ACLs on files they do not own http://www.openwall.com/lists/oss-security/2010/06/11/3 [oss-security] 20100614 Re: CVE request - kernel: btrfs: prevent users from setting ACLs on files they do not own http://www.openwall.com/lists/oss-security/2010/06/14/2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=2f26afba
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.