Beschreibung: | Description:
The remote host is missing an update to kernel announced via advisory TLSA-2004-14.
The kernel package contains the Linux kernel (vmlinuz), the core of your Linux operating system.
- Real time clock (RTC) routines in Linux kernel does not properly initialize their structures, which could leak kernel data to user space. - The R128 driver has a vulnerability. - Stack-based buffer overflow in the ncp_lookup function for ncpfs in kernel. - Buffer overflow in the ISO9660 file system component for Linux kernel. - The OSS code for the Sound Blaster driver in Linux 2.4.x does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash). - The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for an ext3 file system, which allows local users to obtain sensitive information by reading the raw device. - A potential buffer overflow exists in the panic() function in kernel. - The do_fork function in Linux 2.4.x and 2.6.x does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion).
The vulnerabilities may allow an attacker to cause a denial of service to the kernel and gain sensitive information from your system.
Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2004-14
Risk factor : High
CVSS Score: 7.2
|