| Beschreibung: | Description:
The remote host is missing updates announced in
advisory RHSA-2009:0264.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update addresses the following security issues:
* a memory leak in keyctl handling. A local user could use this flaw to
deplete kernel memory, eventually leading to a denial of service.
(CVE-2009-0031, Important)
* a buffer overflow in the Linux kernel Partial Reliable Stream Control
Transmission Protocol (PR-SCTP) implementation. This could, potentially,
lead to a denial of service if a Forward-TSN chunk is received with a large
stream ID. (CVE-2009-0065, Important)
* a flaw when handling heavy network traffic on an SMP system with many
cores. An attacker who could send a large amount of network traffic could
create a denial of service. (CVE-2008-5713, Important)
* the code for the HFS and HFS Plus (HFS+) file systems failed to properly
handle corrupted data structures. This could, potentially, lead to a local
denial of service. (CVE-2008-4933, CVE-2008-5025, Low)
* a flaw was found in the HFS Plus (HFS+) file system implementation. This
could, potentially, lead to a local denial of service when write operations
are performed. (CVE-2008-4934, Low)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. Note: for this update to take effect, the
system must be rebooted.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2009-0264.html
http://www.redhat.com/security/updates/classification/#important
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
