| Description: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.
Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update addresses the following security issues:
* the sendmsg() function in the Linux kernel did not block during UNIX
socket garbage collection. This could, potentially, lead to a local denial
of service. (CVE-2008-5300, Important)
* when fput() was called to close a socket, the __scm_destroy() function in
the Linux kernel could make indirect recursive calls to itself. This could,
potentially, lead to a local denial of service. (CVE-2008-5029, Important)
* a deficiency was found in the Linux kernel virtual file system (VFS)
implementation. This could allow a local, unprivileged user to make a
series of file creations within deleted directories, possibly causing a
denial of service. (CVE-2008-3275, Moderate)
* a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog
timer driver. This deficiency could lead to a possible information leak. By
default, the '/dev/watchdog' device is accessible only to the root user.
(CVE-2008-5702, Low)
* the hfs and hfsplus file systems code failed to properly handle corrupted
data structures. This could, potentially, lead to a local denial of
service. (CVE-2008-4933, CVE-2008-5025, Low)
* a flaw was found in the hfsplus file system implementation. This could,
potentially, lead to a local denial of service when write operations were
performed. (CVE-2008-4934, Low)
This update also fixes the following bugs:
* when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running
Intel® CPUs, the cpuspeed daemon did not run, preventing the CPU speed from
being changed, such as not being reduced to an idle state when not in use.
* mmap() could be used to gain access to beyond the first megabyte of RAM,
due to insufficient checks in the Linux kernel code. Checks have been added
to prevent this.
* attempting to turn keyboard LEDs on and off rapidly on keyboards with
slow keyboard controllers, may have caused key presses to fail.
* after migrating a hypervisor guest, the MAC address table was not
updated, causing packet loss and preventing network connections to the
guest. Now, a gratuitous ARP request is sent after migration. This
refreshes the ARP caches, minimizing network downtime.
* writing crash dumps with diskdump may have caused a kernel panic on
Non-Uniform Memory Access (NUMA) systems with certain memory
configurations.
* on big-endian systems, such as PowerPC, the getsockopt() function
incorrectly returned 0 depending on ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
kernel on CentOS 4
Solution:
Please install the updated packages.
CVSS Score:
7.8
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
