Red Hat Local Security Checks : RedHat Update for kernel RHSA-2012:1426-01

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.870859

Categoría: Red Hat Local Security Checks

Título: RedHat Update for kernel RHSA-2012:1426-01

Resumen: The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A use-after-free flaw was found in the Linux kernel's memory management
subsystem in the way quota handling for huge pages was performed. A local,
unprivileged user could use this flaw to cause a denial of service or,
potentially, escalate their privileges. (CVE-2012-2133, Moderate)

* It was found that when running a 32-bit binary that uses a large number
of shared libraries, one of the libraries would always be loaded at a
predictable address in memory. An attacker could use this flaw to bypass
the Address Space Layout Randomization (ASLR) security feature.
(CVE-2012-1568, Low)

* Buffer overflow flaws were found in the udf_load_logicalvol() function
in the Universal Disk Format (UDF) file system implementation in the Linux
kernel. An attacker with physical access to a system could use these flaws
to cause a denial of service or escalate their privileges. (CVE-2012-3400,
Low)

Red Hat would like to thank Shachar Raindel for reporting CVE-2012-2133.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

Affected Software/OS:
kernel on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.6

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1568
http://scarybeastsecurity.blogspot.com/2012/03/some-random-observations-on-linux-aslr.html
http://www.openwall.com/lists/oss-security/2012/03/20/4
http://openwall.com/lists/oss-security/2012/03/21/3
Common Vulnerability Exposure (CVE) ID: CVE-2012-2133
BugTraq ID: 53233
http://www.securityfocus.com/bid/53233
Debian Security Information: DSA-2469 (Google Search)
http://www.debian.org/security/2012/dsa-2469
http://www.openwall.com/lists/oss-security/2012/04/24/12
SuSE Security Announcement: SUSE-SU-2012:0616 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html
XForce ISS Database: linux-kernel-hugepages-dos(75168)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75168
Common Vulnerability Exposure (CVE) ID: CVE-2012-3400
http://www.openwall.com/lists/oss-security/2012/07/10/2
RedHat Security Advisories: RHSA-2013:0594
http://rhn.redhat.com/errata/RHSA-2013-0594.html
http://secunia.com/advisories/50506
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://ubuntu.com/usn/usn-1529-1
http://www.ubuntu.com/usn/USN-1555-1
http://www.ubuntu.com/usn/USN-1556-1
http://www.ubuntu.com/usn/USN-1557-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-3511
BugTraq ID: 55151
http://www.securityfocus.com/bid/55151
http://www.openwall.com/lists/oss-security/2012/08/20/13
http://secunia.com/advisories/50633
http://secunia.com/advisories/50732
http://secunia.com/advisories/55055
http://www.ubuntu.com/usn/USN-1567-1
http://www.ubuntu.com/usn/USN-1572-1
http://www.ubuntu.com/usn/USN-1577-1

Copyright Copyright (c) 2012 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.870859
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for kernel RHSA-2012:1426-01
Resumen:	The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory. Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A use-after-free flaw was found in the Linux kernel's memory management subsystem in the way quota handling for huge pages was performed. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-2133, Moderate) * It was found that when running a 32-bit binary that uses a large number of shared libraries, one of the libraries would always be loaded at a predictable address in memory. An attacker could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2012-1568, Low) * Buffer overflow flaws were found in the udf_load_logicalvol() function in the Universal Disk Format (UDF) file system implementation in the Linux kernel. An attacker with physical access to a system could use these flaws to cause a denial of service or escalate their privileges. (CVE-2012-3400, Low) Red Hat would like to thank Shachar Raindel for reporting CVE-2012-2133. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect. Affected Software/OS: kernel on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1568 http://scarybeastsecurity.blogspot.com/2012/03/some-random-observations-on-linux-aslr.html http://www.openwall.com/lists/oss-security/2012/03/20/4 http://openwall.com/lists/oss-security/2012/03/21/3 Common Vulnerability Exposure (CVE) ID: CVE-2012-2133 BugTraq ID: 53233 http://www.securityfocus.com/bid/53233 Debian Security Information: DSA-2469 (Google Search) http://www.debian.org/security/2012/dsa-2469 http://www.openwall.com/lists/oss-security/2012/04/24/12 SuSE Security Announcement: SUSE-SU-2012:0616 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html XForce ISS Database: linux-kernel-hugepages-dos(75168) https://exchange.xforce.ibmcloud.com/vulnerabilities/75168 Common Vulnerability Exposure (CVE) ID: CVE-2012-3400 http://www.openwall.com/lists/oss-security/2012/07/10/2 RedHat Security Advisories: RHSA-2013:0594 http://rhn.redhat.com/errata/RHSA-2013-0594.html http://secunia.com/advisories/50506 SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://ubuntu.com/usn/usn-1529-1 http://www.ubuntu.com/usn/USN-1555-1 http://www.ubuntu.com/usn/USN-1556-1 http://www.ubuntu.com/usn/USN-1557-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-3511 BugTraq ID: 55151 http://www.securityfocus.com/bid/55151 http://www.openwall.com/lists/oss-security/2012/08/20/13 http://secunia.com/advisories/50633 http://secunia.com/advisories/50732 http://secunia.com/advisories/55055 http://www.ubuntu.com/usn/USN-1567-1 http://www.ubuntu.com/usn/USN-1572-1 http://www.ubuntu.com/usn/USN-1577-1
Copyright	Copyright (c) 2012 Greenbone Networks GmbH