|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for kernel RHSA-2012:1426-01|
|Summary:||The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.
The kernel packages contain the Linux kernel, the core of any Linux
This update fixes the following security issues:
* A use-after-free flaw was found in the Linux kernel's memory management
subsystem in the way quota handling for huge pages was performed. A local,
unprivileged user could use this flaw to cause a denial of service or,
potentially, escalate their privileges. (CVE-2012-2133, Moderate)
* It was found that when running a 32-bit binary that uses a large number
of shared libraries, one of the libraries would always be loaded at a
predictable address in memory. An attacker could use this flaw to bypass
the Address Space Layout Randomization (ASLR) security feature.
* Buffer overflow flaws were found in the udf_load_logicalvol() function
in the Universal Disk Format (UDF) file system implementation in the Linux
kernel. An attacker with physical access to a system could use these flaws
to cause a denial of service or escalate their privileges. (CVE-2012-3400,
Red Hat would like to thank Shachar Raindel for reporting CVE-2012-2133.
This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.
kernel on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2012-1568|
Common Vulnerability Exposure (CVE) ID: CVE-2012-2133
BugTraq ID: 53233
Debian Security Information: DSA-2469 (Google Search)
SuSE Security Announcement: SUSE-SU-2012:0616 (Google Search)
XForce ISS Database: linux-kernel-hugepages-dos(75168)
Common Vulnerability Exposure (CVE) ID: CVE-2012-3400
RedHat Security Advisories: RHSA-2013:0594
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2012-3511
BugTraq ID: 55151
|Copyright||Copyright (c) 2012 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.