Chapter 1. Package Updates
90
Security fixes:
* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel
Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a
specially-crafted SCTP packet to a target system, resulting in a denial of service. (
CVE-2010-0008
575
,
Important)
* a missing boundary check was found in the do_move_pages() function in the memory migration
functionality in the Linux kernel. A local user could use this flaw to cause a local denial of service or an
information leak. (
CVE-2010-0415
576
, Important)
* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail() function in the Linux kernel.
An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system,
leading to a system crash (kernel OOPS) if dst->neighbour is NULL on the target system when
receiving an IPv6 packet. (
CVE-2010-0437
577
, Important)
* a NULL pointer dereference flaw was found in the ext4 file system code in the Linux kernel. A local
attacker could use this flaw to trigger a local denial of service by mounting a specially-crafted, journal-
less ext4 file system, if that file system forced an EROFS error. (
CVE-2009-4308
578
, Moderate)
* an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When "/
proc/sys/kernel/print-fatal-signals" is set to 1 (the default value is 0), memory that is reachable by the
kernel could be leaked to user-space. This issue could also result in a system crash. Note that this
flaw only affected the i386 architecture. (
CVE-2010-0003
579
, Moderate)
* missing capability checks were found in the ebtables implementation, used for creating an Ethernet
bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and
modify ebtables rules. (
CVE-2010-0007
580
, Low)
Bug fixes:
* a bug prevented Wake on LAN (WoL) being enabled on certain Intel hardware. (
BZ#543449
581
)
* a race issue in the Journaling Block Device. (
BZ#553132
582
)
* programs compiled on x86, and that also call sched_rr_get_interval(), were silently corrupted when
run on 64-bit systems. (
BZ#557684
583
)
* the RHSA-2010:0019 update introduced a regression, preventing WoL from working for network
devices using the e1000e driver. (
BZ#559335
584
)
* adding a bonding interface in mode balance-alb to a bridge was not functional. (
BZ#560588
585
)
* some KVM (Kernel-based Virtual Machine) guests experienced slow performance (and possibly a
crash) after suspend/resume. (
BZ#560640
586
)
575
https://www.redhat.com/security/data/cve/CVE-2010-0008.html
576
https://www.redhat.com/security/data/cve/CVE-2010-0415.html
577
https://www.redhat.com/security/data/cve/CVE-2010-0437.html
578
https://www.redhat.com/security/data/cve/CVE-2009-4308.html
579
https://www.redhat.com/security/data/cve/CVE-2010-0003.html
580
https://www.redhat.com/security/data/cve/CVE-2010-0007.html
581
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=543449
582
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=553132
583
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=557684
584
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=559335
585
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=560588
586
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=560640
Содержание ENTERPRISE LINUX 5.5 - S 2010
Страница 10: ...x ...
Страница 308: ...298 ...
Страница 310: ...300 ...
Страница 468: ...458 ...
Страница 470: ...460 ...