Summary
The remote host is missing updates to the kernel announced in advisory RHSA-2009:1077.
This update includes backported fixes for two approved security issues.
These issues only affected users of Red Hat Enterprise Linux 4.7 Extended Update Support, as they have already been addressed for users of Red Hat Enterprise Linux 4 in the 4.8 update, RHSA-2009:1024.
* the exit_notify() function in the Linux kernel did not properly reset the exit signal if a process executed a set user ID (setuid) application before exiting. This could allow a local, unprivileged user to elevate their privileges. (CVE-2009-1337, Important)
* the Linux kernel implementation of the Network File System (NFS) version 4 did not properly initialize the file name limit in the nfs_server data structure. This flaw could possibly lead to a denial of service on a client mounting an NFSv4 share. (CVE-2009-1336, Moderate)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. For this update to take effect, the system must be rebooted.
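Both statements above, that the host is "missing updates to the kernel" and that the fix is not live until a reboot, come down to RPM version ordering. The following Python is an added example, not code from the advisory or from the scanner that produced this finding: it implements rpm's segment-wise version comparison and uses it to report (a) whether the newest installed kernel reaches the fixed build and (b) whether the kernel actually running is still an older one. FIXED_EVR is an assumed placeholder for the advisory's kernel build (take the exact NVR from RHSA-2009:1077), and the package lists and uname strings are constructed sample data.

```python
import re

# ASSUMPTION (not from the advisory text above): the version-release of the
# kernel build that RHSA-2009:1077 ships. Take the exact NVR from the advisory
# before using this against real hosts.
FIXED_EVR = ("2.6.9", "78.0.22.EL")

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")
_FLAVOUR = re.compile(r"(smp|hugemem|largesmp)$")


def rpmvercmp(a, b):
    """Order two RPM version or release strings the way rpm does.

    Strings are split into numeric and alphabetic segments (separators are
    ignored). Numeric segments compare as integers, so '78.0.22' > '78.0.9';
    a numeric segment outranks an alphabetic one; alphabetic segments compare
    as plain strings; if every shared segment ties, the string with more
    segments is newer. Returns -1, 0 or 1. The '~' and '^' markers of newer
    rpm releases are not handled (they do not occur in RHEL 4 kernel NVRs).
    """
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) != len(sb):
        return 1 if len(sa) > len(sb) else -1
    return 0


def evr_cmp(a, b):
    """Compare (version, release) pairs: version decides, release breaks ties."""
    c = rpmvercmp(a[0], b[0])
    return c if c else rpmvercmp(a[1], b[1])


def parse_kernel_nvr(nvr):
    """'kernel-smp-2.6.9-78.0.13.EL' -> ('kernel-smp', '2.6.9', '78.0.13.EL')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def running_evr(uname_r):
    """Map `uname -r` output to a (version, release) pair.

    On RHEL 4 the running kernel reports e.g. '2.6.9-78.0.13.ELsmp'; the
    flavour suffix is dropped so it compares against package NVRs.
    """
    version, release = uname_r.split("-", 1)
    return version, _FLAVOUR.sub("", release)


def newest_kernel(installed_nvrs):
    """Several kernels are normally installed side by side; only the newest
    one matters for the 'missing update' test."""
    best = None
    for nvr in installed_nvrs:
        _, v, r = parse_kernel_nvr(nvr)
        if best is None or evr_cmp((v, r), best) > 0:
            best = (v, r)
    return best


def assess(installed_nvrs, uname_r, fixed=FIXED_EVR):
    """Return (update_installed, reboot_pending).

    update_installed: the newest installed kernel is at or above the fixed
    build, so a package-version scanner stops reporting the advisory.
    reboot_pending: the running kernel is older than the newest installed one,
    so the host still executes the vulnerable code despite the package update.
    """
    newest = newest_kernel(installed_nvrs)
    update_installed = evr_cmp(newest, fixed) >= 0
    reboot_pending = evr_cmp(running_evr(uname_r), newest) < 0
    return update_installed, reboot_pending


if __name__ == "__main__":
    # Constructed sample data, not taken from a real host.
    before = ["kernel-2.6.9-78.0.13.EL", "kernel-smp-2.6.9-78.0.13.EL"]
    after = before + ["kernel-smp-2.6.9-78.0.22.EL"]
    print(assess(before, "2.6.9-78.0.13.ELsmp"))  # (False, False): still vulnerable
    print(assess(after, "2.6.9-78.0.13.ELsmp"))   # (True, True): updated, reboot needed
    print(assess(after, "2.6.9-78.0.22.ELsmp"))   # (True, False): fixed and running
```

A scanner that only compares package versions stops flagging the host as soon as the new kernel package is installed; the second flag is the check that tells you the vulnerable kernel is still the one running until the reboot the advisory calls for. The same comparison also shows why Red Hat Enterprise Linux 4.8 hosts are not affected: a 2.6.9-89.EL kernel orders above any 2.6.9-78.x build.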
Solution
This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

Reboot afterwards: the fix is in the kernel package, so the kernel already running stays vulnerable until the updated kernel has been booted.
Severity
CVSS Base Score: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
This vector describes a local flaw with an availability-only impact, that is, the NFSv4 denial of service (CVE-2009-1336). The exit_notify() privilege escalation (CVE-2009-1337), which Red Hat rates Important, is not reflected in this score and should drive prioritisation of the update.

Classification
CVE: CVE-2009-1336, CVE-2009-1337