Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.71904
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2011:1813
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2011:1813.

These packages contain the Linux kernel.

This update fixes the following security issues:

* A flaw in the Stream Control Transmission Protocol (SCTP) implementation
could allow a remote attacker to cause a denial of service by sending a
specially-crafted SCTP packet to a target system. (CVE-2011-2482,
Important)

If you do not run applications that use SCTP, you can prevent the sctp
module from being loaded by adding the following to the end of the
/etc/modprobe.d/blacklist.conf file:

blacklist sctp

This way, the sctp module cannot be loaded accidentally, which may occur
if an application that requires SCTP is started. A reboot is not necessary
for this change to take effect.

* A flaw in the client-side NFS Lock Manager (NLM) implementation could
allow a local, unprivileged user to cause a denial of service.
(CVE-2011-2491, Important)

* Flaws in the netlink-based wireless configuration interface could allow
a local user, who has the CAP_NET_ADMIN capability, to cause a denial of
service or escalate their privileges on systems that have an active
wireless interface. (CVE-2011-2517, Important)

* A flaw was found in the way the Linux kernel's Xen hypervisor
implementation emulated the SAHF instruction. When using a
fully-virtualized guest on a host that does not use hardware assisted
paging (HAP), such as those running CPUs that do not have support for (or
those that have it disabled) Intel Extended Page Tables (EPT) or AMD
Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged
guest user could trigger this flaw to cause the hypervisor to crash.
(CVE-2011-2519, Moderate)

* A flaw in the __addr_ok() macro in the Linux kernel's Xen hypervisor
implementation when running on 64-bit systems could allow a privileged
guest user to crash the hypervisor. (CVE-2011-2901, Moderate)

* /proc/[PID]/io is world-readable by default. Previously, these files
could be read without any further restrictions. A local, unprivileged user
could read these files, belonging to other, possibly privileged processes
to gather confidential information, such as the length of a password used
in a process. (CVE-2011-2495, Low)

Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and
Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.

This update also fixes the following bugs:

* On Broadcom PCI cards that use the tg3 driver, the operational state of a
network device, represented by the value in
/sys/class/net/ethX/operstate, was not initialized by default.
Consequently, the state was reported as unknown when the tg3 network
device was actually in the up state. This update modifies the tg3 driver
to properly set the operstate value. (BZ#744699)

* A KVM (Kernel-based Virtual Machine) guest can get preempted by the host,
when a higher priority process needs to run. When a guest is not running
for several timer interrupts in a row, ticks could be lost, resulting in
the jiffies timer advancing slower than expected and timeouts taking longer
than expected. To correct for the issue of lost ticks,
do_timer_tsc_timekeeping() checks a reference clock source (kvm-clock when
running as a KVM guest) to see if timer interrupts have been missed. If so,
jiffies is incremented by the number of missed timer interrupts, ensuring
that programs are woken up on time. (BZ#747874)

* When a block device object was allocated, the bd_super field was not
being explicitly initialized to NULL. Previously, users of the block device
object could set bd_super to NULL when the object was released by calling
the kill_block_super() function. Certain third-party file systems do not
always use this function, and bd_super could therefore become uninitialized
when the object was allocated again. This could cause a kernel panic in the
blkdev_releasepage() function, when the uninitialized bd_super field was
dereferenced. Now, bd_super is properly initialized in the bdget()
function, and the kernel panic no longer occurs. (BZ#751137)

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-1813.html

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-2482
http://www.openwall.com/lists/oss-security/2011/08/30/1
RedHat Security Advisories: RHSA-2011:1212
http://rhn.redhat.com/errata/RHSA-2011-1212.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2491
http://www.openwall.com/lists/oss-security/2011/06/23/6
Common Vulnerability Exposure (CVE) ID: CVE-2011-2495
http://www.openwall.com/lists/oss-security/2011/06/27/1
Common Vulnerability Exposure (CVE) ID: CVE-2011-2517
http://www.openwall.com/lists/oss-security/2011/07/01/4
Common Vulnerability Exposure (CVE) ID: CVE-2011-2519
http://xenbits.xen.org/hg/xen-3.1-testing.hg/rev/15644
Common Vulnerability Exposure (CVE) ID: CVE-2011-2901
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://www.openwall.com/lists/oss-security/2011/09/02/2
http://secunia.com/advisories/55082
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.