Description: | Description: The remote host is missing updates announced in advisory RHSA-2011:1253.
Security fixes:
* A flaw in the SCTP and DCCP implementations could allow a remote attacker to cause a denial of service. (CVE-2010-4526, CVE-2011-1770, Important)
* Flaws in the Management Module Support for Message Passing Technology (MPT) based controllers could allow a local, unprivileged user to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important)
* Flaws in the AGPGART driver, and a flaw in agp_allocate_memory(), could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, Important)
* A flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)
* A flaw in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges. (CVE-2011-2497, Important)
* Flaws in the netlink-based wireless configuration interface could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)
* The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)
* A local, unprivileged user could allocate large amounts of memory not visible to the OOM killer, causing a denial of service. (CVE-2010-4243, Moderate)
* The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate)
* A local, privileged user could possibly write arbitrary kernel memory via /sys/kernel/debug/acpi/custom_method. (CVE-2011-1021, Moderate)
* Inconsistency in the methods for allocating and freeing NFSv4 ACL data
CVE-2010-4250 fix caused a regression a flaw in next_pidmap() and inet_diag_bc_audit() flaws in the CAN implementation a race condition in the memory merging support a flaw in the taskstats subsystem and the way mapping expansions were handled could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1090, CVE-2011-1479, CVE-2011-1593, CVE-2011-2213, CVE-2011-1598, CVE-2011-1748, CVE-2011-2183, CVE-2011-2484, CVE-2011-2496, Moderate)
* A flaw in GRO could result in a denial of service when a malformed VLAN frame is received. (CVE-2011-1478, Moderate)
* napi_reuse_skb() could be called on VLAN packets allowing an attacker on the local network to possibly trigger a denial of service. (CVE-2011-1576, Moderate)
* A denial of service could occur if packets were received while the ipip or ip_gre module was being loaded. (CVE-2011-1767, CVE-2011-1768, Moderate)
* Information leaks. (CVE-2011-1160, CVE-2011-2492, CVE-2011-2495, Low)
* Flaws in the EFI GUID Partition Table implementation could allow a local attacker to cause a denial of service. (CVE-2011-1577, CVE-2011-1776, Low)
* While a user has a CIFS share mounted that required successful authentication, a local, unprivileged user could mount that share without knowing the correct password if mount.cifs was setuid root. (CVE-2011-1585, Low)
Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1770, CVE-2011-1494, CVE-2011-1495, CVE-2011-2497, and CVE-2011-2213 Vasiliy Kulikov of Openwall for reporting CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, CVE-2011-2484, and CVE-2011-2495 Vasily Averin for reporting CVE-2011-2491 Brad Spengler for reporting CVE-2010-4243 Kees Cook for reporting CVE-2011-1020 Robert Swiecki for reporting CVE-2011-1593 and CVE-2011-2496 Oliver Hartkopp for reporting CVE-2011-1748 Andrea Righi for reporting CVE-2011-2183 Ryan Sweat for reporting CVE-2011-1478 and CVE-2011-1576 Peter Huewe for reporting CVE-2011-1160 Marek Kroemeke and Filip Palian for reporting CVE-2011-2492
and Timo Warns for reporting CVE-2011-1577 and CVE-2011-1776.
Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2011-1253.html
Risk factor : High
|