 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.71926 |
| Kategorie: | Red Hat Local Security Checks |
| Titel: | RedHat Security Advisory RHSA-2010:0670 |
| Zusammenfassung: | NOSUMMARY |
| Beschreibung: | Description: The remote host is missing updates announced in advisory RHSA-2010:0670. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * When an application has a stack overflow, the stack could silently overwrite another memory mapped area instead of a segmentation fault occurring, which could cause an application to execute arbitrary code, possibly leading to privilege escalation. It is known that the X Window System server can be used to trigger this flaw. (CVE-2010-2240, Important) * A miscalculation of the size of the free space of the initial directory entry in a directory leaf block was found in the Linux kernel Global File System 2 (GFS2) implementation. A local, unprivileged user with write access to a GFS2-mounted file system could perform a rename operation on that file system to trigger a NULL pointer dereference, possibly resulting in a denial of service or privilege escalation. (CVE-2010-2798, Important) Red Hat would like to thank the X.Org security team for reporting CVE-2010-2240, with upstream acknowledging Rafal Wojtczuk as the original reporter and Grant Diffey of CenITex for reporting CVE-2010-2798. This update also fixes the following bugs: * Problems receiving network traffic correctly via a non-standard layer 3 protocol when using the ixgbe driver. This update corrects this issue. (BZ#618275) * A bug was found in the way the megaraid_sas driver (for SAS based RAID controllers) handled physical disks and management IOCTLs. All physical disks were exported to the disk layer, allowing an oops in megasas_complete_cmd_dpc() when completing the IOCTL command if a timeout occurred. One possible trigger for this bug was running mkfs. This update resolves this issue by updating the megaraid_sas driver to version 4.31. (BZ#619363) * Previously, Message Signaled Interrupts (MSI) resulted in PCI bus writes to mask and unmask the MSI IRQ for a PCI device. These unnecessary PCI bus writes resulted in the serialization of MSIs, leading to poor performance on systems with high MSI load. This update adds a new kernel boot parameter, msi_nolock, which forgoes the PCI bus writes and allows for better simultaneous processing of MSIs. (BZ#621939) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0670.html http://www.redhat.com/security/updates/classification/#important Risk factor : High |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-2240 Bugtraq: 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console (Google Search) http://www.securityfocus.com/archive/1/517739/100/0/threaded Debian Security Information: DSA-2094 (Google Search) http://www.debian.org/security/2010/dsa-2094 http://www.mandriva.com/security/advisories?name=MDVSA-2010:172 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf http://lists.vmware.com/pipermail/security-announce/2011/000133.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13247 http://www.redhat.com/support/errata/RHSA-2010-0660.html RedHat Security Advisories: RHSA-2010:0661 https://rhn.redhat.com/errata/RHSA-2010-0661.html http://www.redhat.com/support/errata/RHSA-2010-0670.html http://www.redhat.com/support/errata/RHSA-2010-0882.html http://securitytracker.com/id?1024344 Common Vulnerability Exposure (CVE) ID: CVE-2010-2798 BugTraq ID: 42124 http://www.securityfocus.com/bid/42124 Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search) http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.openwall.com/lists/oss-security/2010/08/02/1 http://www.openwall.com/lists/oss-security/2010/08/02/10 http://www.redhat.com/support/errata/RHSA-2010-0723.html http://securitytracker.com/id?1024386 http://secunia.com/advisories/46397 SuSE Security Announcement: SUSE-SA:2010:040 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html SuSE Security Announcement: SUSE-SA:2010:054 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://www.ubuntu.com/usn/USN-1000-1 |
| Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |