Solution
Please Install the Updated Packages.
Insight
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:
* A flaw was found in sctp_packet_config() in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could use this flaw to cause a denial of service. (CVE-2010-3432, Important)
* A missing integer overflow check was found in snd_ctl_new() in the Linux kernel's sound subsystem. A local, unprivileged user on a 32-bit system could use this flaw to cause a denial of service or escalate their privileges. (CVE-2010-3442, Important)
* A heap overflow flaw in the Linux kernel's Transparent Inter-Process Communication protocol (TIPC) implementation could allow a local, unprivileged user to escalate their privileges. (CVE-2010-3859, Important)
* An integer overflow flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2010-3865, Important)
* A flaw was found in the Xenbus code for the unified block-device I/O interface back end. A privileged guest user could use this flaw to cause a denial of service on the host system running the Xen hypervisor.
(CVE-2010-3699, Moderate)
* Missing sanity checks were found in setup_arg_pages() in the Linux kernel. When making the size of the argument and environment area on the stack very large, it could trigger a BUG_ON(), resulting in a local denial of service. (CVE-2010-3858, Moderate)
* A flaw was found in inet_csk_diag_dump() in the Linux kernel's module for monitoring the sockets of INET transport protocols. By sending a netlink message with certain bytecode, a local, unprivileged user could cause a denial of service. (CVE-2010-3880, Moderate)
* Missing sanity checks were found in gdth_ioctl_alloc() in the gdth driver in the Linux kernel. A local user with access to " /dev/gdth"
on a 64-bit
system could use this flaw to cause a denial of service or escalate their privileges. (CVE-2010-4157, Moderate)
* The fix for Red Hat Bugzilla bug 484590 as provided in RHSA-2009:1243 introduced a regression. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2010-4161, Moderate)
* A NULL pointer dereference flaw was found in the Bluetooth HCI UART driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2010-4242, Moderate) ...
Description truncated, for more information please check the Reference URL
Affected
kernel on Red Hat Enterprise Linux (v. 5 server)
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities