| Beschreibung: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.
Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
These updated packages fix the following security issues:
* a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
macro did not initialize the sendpage operation in the proto_ops structure
correctly. A local, unprivileged user could use this flaw to cause a local
denial of service or escalate their privileges. (CVE-2009-2692, Important)
* a flaw was found in the udp_sendmsg() implementation in the Linux kernel
when using the MSG_MORE flag on UDP sockets. A local, unprivileged user
could use this flaw to cause a local denial of service or escalate their
privileges. (CVE-2009-2698, Important)
Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google
Security Team for responsibly reporting these flaws.
These updated packages also fix the following bug:
* in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was
not freed in the error exit path. This bug led to a memory leak and an
unresponsive system. A reported case of this bug occurred after running
'cman_tool kill -n [nodename]'. (BZ#515432)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
Affected Software/OS:
kernel on CentOS 5
Solution:
Please install the updated packages.
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
