| Description: | Description:
The remote host is missing updates announced in
advisory RHSA-2009:1055.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issue:
* a buffer overflow was found in the Linux kernel Partial Reliable Stream
Control Transmission Protocol (PR-SCTP) implementation. This could,
potentially, lead to a remote denial of service or arbitrary code execution
if a Forward-TSN chunk is received with a large stream ID. Note: An
established connection between SCTP endpoints is necessary to exploit this
vulnerability. Refer to the Knowledgebase article in the References section
for further information. (CVE-2009-0065, Important)
This update also fixes the following bug:
* a problem in the way the i5000_edac module reported errors may have
caused the console on some systems to be flooded with errors, similar to
the following:
EDAC i5000 MC0: NON-FATAL ERROR Found!!! 1st NON-FATAL Err Reg= [hex value]
EDAC i5000: NON-Retry Errors, bits= [hex value]
After installing this update, the console will not be flooded with these
errors. (BZ#494734)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2009-1055.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-16788
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
