Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870859
Category:Red Hat Local Security Checks
Title:RedHat Update for kernel RHSA-2012:1426-01
Summary:The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A use-after-free flaw was found in the Linux kernel's memory management
subsystem in the way quota handling for huge pages was performed. A local,
unprivileged user could use this flaw to cause a denial of service or,
potentially, escalate their privileges. (CVE-2012-2133, Moderate)

* It was found that when running a 32-bit binary that uses a large number
of shared libraries, one of the libraries would always be loaded at a
predictable address in memory. An attacker could use this flaw to bypass
the Address Space Layout Randomization (ASLR) security feature.
(CVE-2012-1568, Low)

* Buffer overflow flaws were found in the udf_load_logicalvol() function
in the Universal Disk Format (UDF) file system implementation in the Linux
kernel. An attacker with physical access to a system could use these flaws
to cause a denial of service or escalate their privileges. (CVE-2012-3400,
Low)

Red Hat would like to thank Shachar Raindel for reporting CVE-2012-2133.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

Affected Software/OS:
kernel on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.6

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-1568
http://scarybeastsecurity.blogspot.com/2012/03/some-random-observations-on-linux-aslr.html
http://www.openwall.com/lists/oss-security/2012/03/20/4
http://openwall.com/lists/oss-security/2012/03/21/3
Common Vulnerability Exposure (CVE) ID: CVE-2012-2133
BugTraq ID: 53233
http://www.securityfocus.com/bid/53233
Debian Security Information: DSA-2469 (Google Search)
http://www.debian.org/security/2012/dsa-2469
http://www.openwall.com/lists/oss-security/2012/04/24/12
SuSE Security Announcement: SUSE-SU-2012:0616 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html
XForce ISS Database: linux-kernel-hugepages-dos(75168)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75168
Common Vulnerability Exposure (CVE) ID: CVE-2012-3400
http://www.openwall.com/lists/oss-security/2012/07/10/2
RedHat Security Advisories: RHSA-2013:0594
http://rhn.redhat.com/errata/RHSA-2013-0594.html
http://secunia.com/advisories/50506
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://ubuntu.com/usn/usn-1529-1
http://www.ubuntu.com/usn/USN-1555-1
http://www.ubuntu.com/usn/USN-1556-1
http://www.ubuntu.com/usn/USN-1557-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-3511
BugTraq ID: 55151
http://www.securityfocus.com/bid/55151
http://www.openwall.com/lists/oss-security/2012/08/20/13
http://secunia.com/advisories/50633
http://secunia.com/advisories/50732
http://secunia.com/advisories/55055
http://www.ubuntu.com/usn/USN-1567-1
http://www.ubuntu.com/usn/USN-1572-1
http://www.ubuntu.com/usn/USN-1577-1
CopyrightCopyright (c) 2012 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.