Summary
The remote host is missing updates to the kernel announced in advisory RHSA-2009:0009.
These updated packages address the following security issues:
* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially-crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important)
* Olaf Kirch reported a flaw in the i915 kernel driver that only affects the Intel G33 series and newer. This flaw could, potentially, lead to local privilege escalation. (CVE-2008-3831, Important)
* Miklos Szeredi reported a missing check for files opened with O_APPEND in sys_splice(). This could allow a local, unprivileged user to bypass the append-only file restrictions. (CVE-2008-4554, Important)
* A deficiency was found in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. This could lead to a possible denial of service if one end of an SCTP connection did not support the AUTH extension. (CVE-2008-4576, Important)
* Wei Yongjun reported a flaw in the Linux kernel SCTP implementation. In certain code paths, sctp_sf_violation_paramlen() could be called with a wrong parameter data type. This could lead to a possible denial of service. (CVE-2008-4618, Important)
* When fput() was called to close a socket, the __scm_destroy() function in the Linux kernel could make indirect recursive calls to itself. This could, potentially, lead to a denial of service issue. (CVE-2008-5029, Important)
* The ext2 and ext3 filesystem code failed to properly handle corrupted data structures, leading to a possible local denial of service issue when read or write operations were performed. (CVE-2008-3528, Low)
All Red Hat Enterprise MRG users should install this update, which addresses these vulnerabilities and fixes these bugs.
Solution
Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
References
Severity
Classification
CVE: CVE-2008-0598, CVE-2008-3528, CVE-2008-3831, CVE-2008-4554, CVE-2008-4576, CVE-2008-4618, CVE-2008-5029
CVSS Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)