Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.71926
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0670
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0670.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* When an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X Window
System server can be used to trigger this flaw. (CVE-2010-2240, Important)

* A miscalculation of the size of the free space of the initial directory
entry in a directory leaf block was found in the Linux kernel Global File
System 2 (GFS2) implementation. A local, unprivileged user with write
access to a GFS2-mounted file system could perform a rename operation on
that file system to trigger a NULL pointer dereference, possibly resulting
in a denial of service or privilege escalation. (CVE-2010-2798, Important)

Red Hat would like to thank the X.Org security team for reporting
CVE-2010-2240, with upstream acknowledging Rafal Wojtczuk as the original
reporter
and Grant Diffey of CenITex for reporting CVE-2010-2798.

This update also fixes the following bugs:

* Problems receiving network traffic correctly via a non-standard layer 3
protocol when using the ixgbe driver. This update corrects this issue.
(BZ#618275)

* A bug was found in the way the megaraid_sas driver (for SAS based RAID
controllers) handled physical disks and management IOCTLs. All physical
disks were exported to the disk layer, allowing an oops in
megasas_complete_cmd_dpc() when completing the IOCTL command if a timeout
occurred. One possible trigger for this bug was running mkfs. This update
resolves this issue by updating the megaraid_sas driver to version 4.31.
(BZ#619363)

* Previously, Message Signaled Interrupts (MSI) resulted in PCI bus writes
to mask and unmask the MSI IRQ for a PCI device. These unnecessary PCI bus
writes resulted in the serialization of MSIs, leading to poor performance
on systems with high MSI load. This update adds a new kernel boot
parameter, msi_nolock, which forgoes the PCI bus writes and allows for
better simultaneous processing of MSIs. (BZ#621939)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0670.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-2240
Bugtraq: 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/517739/100/0/threaded
Debian Security Information: DSA-2094 (Google Search)
http://www.debian.org/security/2010/dsa-2094
http://www.mandriva.com/security/advisories?name=MDVSA-2010:172
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13247
http://www.redhat.com/support/errata/RHSA-2010-0660.html
RedHat Security Advisories: RHSA-2010:0661
https://rhn.redhat.com/errata/RHSA-2010-0661.html
http://www.redhat.com/support/errata/RHSA-2010-0670.html
http://www.redhat.com/support/errata/RHSA-2010-0882.html
http://securitytracker.com/id?1024344
Common Vulnerability Exposure (CVE) ID: CVE-2010-2798
BugTraq ID: 42124
http://www.securityfocus.com/bid/42124
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.openwall.com/lists/oss-security/2010/08/02/1
http://www.openwall.com/lists/oss-security/2010/08/02/10
http://www.redhat.com/support/errata/RHSA-2010-0723.html
http://securitytracker.com/id?1024386
http://secunia.com/advisories/46397
SuSE Security Announcement: SUSE-SA:2010:040 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
SuSE Security Announcement: SUSE-SA:2010:054 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
http://www.ubuntu.com/usn/USN-1000-1
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.