Summary
The remote host is missing updates to the kernel announced in advisory RHSA-2009:0331.
This update addresses the following security issues:
* a buffer overflow was found in the Linux kernel Partial Reliable Stream Control Transmission Protocol (PR-SCTP) implementation. This could, potentially, lead to a denial of service if a Forward-TSN chunk is received with a large stream ID. (CVE-2009-0065, Important)
* a memory leak was found in keyctl handling. A local, unprivileged user could use this flaw to deplete kernel memory, eventually leading to a denial of service. (CVE-2009-0031, Important)
* a deficiency was found in the Remote BIOS Update (RBU) driver for Dell systems. This could allow a local, unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size file in /sys/devices/platform/dell_rbu/. (CVE-2009-0322, Important)
* a deficiency was found in the libATA implementation. This could, potentially, lead to a denial of service. Note: by default, /dev/sg* devices are accessible only to the root user. (CVE-2008-5700, Low)
This update also fixes a number of non-security related bugs.
For details, please visit the referenced advisories.
All Red Hat Enterprise Linux 4 users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect.
Solution
Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2008-5700, CVE-2009-0031, CVE-2009-0065, CVE-2009-0322
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C