Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues :

* instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges.
(CVE-2010-1084, Important)

* a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service). (CVE-2010-2070, Important)

* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).
(CVE-2010-2248, Important)

* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)

* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel XFS file system implementation. A local user could use this flaw to read write-only files, that they do not own, on an XFS file system. This could lead to unintended information disclosure.
(CVE-2010-2226, Moderate)

* a flaw was found in the dns_resolver upcall used by CIFS. A local, unprivileged user could redirect a Microsoft Distributed File System link to another IP address, tricking the client into mounting the share from a server of the user's choosing. (CVE-2010-2524, Moderate)

* a missing check was found in the mext_check_arguments() function in the ext4 file system code. A local user could use this flaw to cause the MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4 file system, if they have write permissions for that file.
(CVE-2010-2066, Low)

Red Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.

This update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References.

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

It was discovered that the Linux kernel did not correctly handle memory protection of the Virtual Dynamic Shared Object page when running a 32-bit application on a 64-bit kernel. A local attacker could exploit this to cause a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2009-4271)

It was discovered that the r8169 network driver did not correctly check the size of Ethernet frames. A remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2009-4537)

Wei Yongjun discovered that SCTP did not correctly validate certain chunks. A remote attacker could send specially crafted traffic to monopolize CPU resources, leading to a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2010-0008)

It was discovered that KVM did not correctly limit certain privileged IO accesses on x86. Processes in the guest OS with access to IO regions could gain further privileges within the guest OS. (Did not affect Ubuntu 6.06 LTS.) (CVE-2010-0298, CVE-2010-0306, CVE-2010-0419)

Evgeniy Polyakov discovered that IPv6 did not correctly handle certain TUN packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0437)

Sachin Prabhu discovered that GFS2 did not correctly handle certain locks. A local attacker with write access to a GFS2 filesystem could exploit this to crash the system, leading to a denial of service.
(CVE-2010-0727)

Jamie Strandboge discovered that network virtio in KVM did not correctly handle certain high-traffic conditions. A remote attacker could exploit this by sending specially crafted traffic to a guest OS, causing the guest to crash, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0741)

Marcus Meissner discovered that the USB subsystem did not correctly handle certain error conditions. A local attacker with access to a USB device could exploit this to read recently used kernel memory, leading to a loss of privacy and potentially root privilege escalation.
(CVE-2010-1083)

Neil Brown discovered that the Bluetooth subsystem did not correctly handle large amounts of traffic. A physically proximate remote attacker could exploit this by sending specially crafted traffic that would consume all available system memory, leading to a denial of service. (Ubuntu 6.06 LTS and 10.04 LTS were not affected.) (CVE-2010-1084)

Jody Bruchon discovered that the sound driver for the AMD780V did not correctly handle certain conditions. A local attacker with access to this hardward could exploit the flaw to cause a system crash, leading to a denial of service. (CVE-2010-1085)

Ang Way Chuang discovered that the DVB driver did not correctly handle certain MPEG2-TS frames. An attacker could exploit this by delivering specially crafted frames to monopolize CPU resources, leading to a denial of service. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1086)

Trond Myklebust discovered that NFS did not correctly handle truncation under certain conditions. A local attacker with write access to an NFS share could exploit this to crash the system, leading to a denial of service. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1087)

Al Viro discovered that automount of NFS did not correctly handle symlinks under certain conditions. A local attacker could exploit this to crash the system, leading to a denial of service. (Ubuntu 6.06 LTS and Ubuntu 10.04 LTS were not affected.) (CVE-2010-1088)

Matt McCutchen discovered that ReiserFS did not correctly protect xattr files in the .reiserfs_priv directory. A local attacker could exploit this to gain root privileges or crash the system, leading to a denial of service. (CVE-2010-1146)

Eugene Teo discovered that CIFS did not correctly validate arguments when creating new files. A local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges if mmap_min_addr was not set. (CVE-2010-1148)

Catalin Marinas and Tetsuo Handa discovered that the TTY layer did not correctly release process IDs. A local attacker could exploit this to consume kernel resources, leading to a denial of service.
(CVE-2010-1162)

Neil Horman discovered that TIPC did not correctly check its internal state. A local attacker could send specially crafted packets via AF_TIPC that would cause the system to crash, leading to a denial of service. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1187)

Masayuki Nakagawa discovered that IPv6 did not correctly handle certain settings when listening. If a socket were listening with the IPV6_RECVPKTINFO flag, a remote attacker could send specially crafted traffic that would cause the system to crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2010-1188)

Oleg Nesterov discovered that the Out-Of-Memory handler did not correctly handle certain arrangements of processes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-1488).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :

  - Apache Tomcat 
  - Apache Tomcat Manager
  - cURL 
  - Java Runtime Environment (JRE)
  - Kernel 
  - Microsoft SQL Express
  - OpenSSL
  - pam_krb5

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2013-0039 for details.

USN-947-1 fixed vulnerabilities in the Linux kernel. Fixes for CVE-2010-0419 caused failures when using KVM in certain situations.
This update reverts that fix until a better solution can be found.

We apologize for the inconvenience.

It was discovered that the Linux kernel did not correctly handle memory protection of the Virtual Dynamic Shared Object page when running a 32-bit application on a 64-bit kernel. A local attacker could exploit this to cause a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2009-4271)

It was discovered that the r8169 network driver did not correctly check the size of Ethernet frames. A remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2009-4537)

Wei Yongjun discovered that SCTP did not correctly validate certain chunks. A remote attacker could send specially crafted traffic to monopolize CPU resources, leading to a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2010-0008)

It was discovered that KVM did not correctly limit certain privileged IO accesses on x86. Processes in the guest OS with access to IO regions could gain further privileges within the guest OS. (Did not affect Ubuntu 6.06 LTS.) (CVE-2010-0298, CVE-2010-0306, CVE-2010-0419)

Evgeniy Polyakov discovered that IPv6 did not correctly handle certain TUN packets. A remote attacker could exploit this to crash the system, leading to a denial of service.
(Only affected Ubuntu 8.04 LTS.) (CVE-2010-0437)

Sachin Prabhu discovered that GFS2 did not correctly handle certain locks. A local attacker with write access to a GFS2 filesystem could exploit this to crash the system, leading to a denial of service. (CVE-2010-0727)

Jamie Strandboge discovered that network virtio in KVM did not correctly handle certain high-traffic conditions. A remote attacker could exploit this by sending specially crafted traffic to a guest OS, causing the guest to crash, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0741)

Marcus Meissner discovered that the USB subsystem did not correctly handle certain error conditions. A local attacker with access to a USB device could exploit this to read recently used kernel memory, leading to a loss of privacy and potentially root privilege escalation. (CVE-2010-1083)

Neil Brown discovered that the Bluetooth subsystem did not correctly handle large amounts of traffic. A physically proximate remote attacker could exploit this by sending specially crafted traffic that would consume all available system memory, leading to a denial of service. (Ubuntu 6.06 LTS and 10.04 LTS were not affected.) (CVE-2010-1084)

Jody Bruchon discovered that the sound driver for the AMD780V did not correctly handle certain conditions. A local attacker with access to this hardward could exploit the flaw to cause a system crash, leading to a denial of service.
(CVE-2010-1085)

Ang Way Chuang discovered that the DVB driver did not correctly handle certain MPEG2-TS frames. An attacker could exploit this by delivering specially crafted frames to monopolize CPU resources, leading to a denial of service.
(Ubuntu 10.04 LTS was not affected.) (CVE-2010-1086)

Trond Myklebust discovered that NFS did not correctly handle truncation under certain conditions. A local attacker with write access to an NFS share could exploit this to crash the system, leading to a denial of service. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1087)

Al Viro discovered that automount of NFS did not correctly handle symlinks under certain conditions. A local attacker could exploit this to crash the system, leading to a denial of service. (Ubuntu 6.06 LTS and Ubuntu 10.04 LTS were not affected.) (CVE-2010-1088)

Matt McCutchen discovered that ReiserFS did not correctly protect xattr files in the .reiserfs_priv directory. A local attacker could exploit this to gain root privileges or crash the system, leading to a denial of service. (CVE-2010-1146)

Eugene Teo discovered that CIFS did not correctly validate arguments when creating new files. A local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges if mmap_min_addr was not set. (CVE-2010-1148)

Catalin Marinas and Tetsuo Handa discovered that the TTY layer did not correctly release process IDs. A local attacker could exploit this to consume kernel resources, leading to a denial of service. (CVE-2010-1162)

Neil Horman discovered that TIPC did not correctly check its internal state. A local attacker could send specially crafted packets via AF_TIPC that would cause the system to crash, leading to a denial of service. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1187)

Masayuki Nakagawa discovered that IPv6 did not correctly handle certain settings when listening. If a socket were listening with the IPV6_RECVPKTINFO flag, a remote attacker could send specially crafted traffic that would cause the system to crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2010-1188)

Oleg Nesterov discovered that the Out-Of-Memory handler did not correctly handle certain arrangements of processes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-1488).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update fixes the following security issues :

  - instances of unsafe sprintf() use were found in the     Linux kernel Bluetooth implementation. Creating a large     number of Bluetooth L2CAP, SCO, or RFCOMM sockets could     result in arbitrary memory pages being overwritten. A     local, unprivileged user could use this flaw to cause a     kernel panic (denial of service) or escalate their     privileges. (CVE-2010-1084, Important)

  - a flaw was found in the Xen hypervisor implementation     when using the Intel Itanium architecture, allowing     guests to enter an unsupported state. An unprivileged     guest user could trigger this flaw by setting the BE     (Big Endian) bit of the Processor Status Register (PSR),     leading to the guest crashing (denial of service).
    (CVE-2010-2070, Important)

  - a flaw was found in the CIFSSMBWrite() function in the     Linux kernel Common Internet File System (CIFS)     implementation. A remote attacker could send a specially     crafted SMB response packet to a target CIFS client,     resulting in a kernel panic (denial of service).
    (CVE-2010-2248, Important)

  - buffer overflow flaws were found in the Linux kernel's     implementation of the server-side External Data     Representation (XDR) for the Network File System (NFS)     version 4. An attacker on the local network could send a     specially crafted large compound request to the NFSv4     server, which could possibly result in a kernel panic     (denial of service) or, potentially, code execution.
    (CVE-2010-2521, Important)

  - a flaw was found in the handling of the SWAPEXT IOCTL in     the Linux kernel XFS file system implementation. A local     user could use this flaw to read write-only files, that     they do not own, on an XFS file system. This could lead     to unintended information disclosure. (CVE-2010-2226,     Moderate)

  - a flaw was found in the dns_resolver upcall used by     CIFS. A local, unprivileged user could redirect a     Microsoft Distributed File System link to another IP     address, tricking the client into mounting the share     from a server of the user's choosing. (CVE-2010-2524,     Moderate)

  - a missing check was found in the mext_check_arguments()     function in the ext4 file system code. A local user     could use this flaw to cause the MOVE_EXT IOCTL to     overwrite the contents of an append-only file on an ext4     file system, if they have write permissions for that     file. (CVE-2010-2066, Low)

The system must be rebooted for this update to take effect.

a. vCenter Server and vCenter Update Manager update Microsoft    SQL Server 2005 Express Edition to Service Pack 3

   Microsoft SQL Server 2005 Express Edition (SQL Express)    distributed with vCenter Server 4.1 Update 1 and vCenter Update    Manager 4.1 Update 1 is upgraded from  SQL Express Service Pack 2    to SQL Express Service Pack 3, to address multiple security    issues that exist in the earlier releases of Microsoft SQL Express.

   Customers using other database solutions need not update for    these issues.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,    CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL    Express Service Pack 3.

b. vCenter Apache Tomcat Management Application Credential Disclosure

   The Apache Tomcat Manager application configuration file contains    logon credentials that can be read by unprivileged local users.

   The issue is resolved by removing the Manager application in    vCenter 4.1 Update 1.

   If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon    credentials are not present in the configuration file after the    update.

   VMware would like to thank Claudio Criscione of Secure Networking    for reporting this issue to us.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)    has assigned the name CVE-2010-2928 to this issue.

c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version    1.6.0_21

   Oracle (Sun) JRE update to version 1.6.0_21, which addresses    multiple security issues that existed in earlier releases of    Oracle (Sun) JRE.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the following names to the security issues fixed in    Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,    CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,    CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,    CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,    CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,    CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,    CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,    CVE-2010-0850.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the following name to the security issue fixed in    Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.

d. vCenter Update Manager Oracle (Sun) JRE is updated to version   1.5.0_26

   Oracle (Sun) JRE update to version 1.5.0_26, which addresses    multiple security issues that existed in earlier releases of    Oracle (Sun) JRE.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the following names to the security issues fixed in    Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,    CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,    CVE-2010-3565,CVE-2010-3568, CVE-2010-3569,  CVE-2009-3555,    CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,    CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,    CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,    CVE-2010-3574.

e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28

   Apache Tomcat updated to version 6.0.28, which addresses multiple    security issues that existed in earlier releases of Apache Tomcat

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the following names to the security issues fixed in    Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i    and CVE-2009-3548.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the following names to the security issues fixed in    Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.

f. vCenter Server third-party component OpenSSL updated to version    0.9.8n

   The version of the OpenSSL library in vCenter Server is updated to    0.9.8n.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the names CVE-2010-0740 and CVE-2010-0433 to the    issues addressed in this version of OpenSSL.

g. ESX third-party component OpenSSL updated to version 0.9.8p

   The version of the ESX OpenSSL library is updated to 0.9.8p.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the names CVE-2010-3864 and CVE-2010-2939 to the    issues addressed in this update.

h. ESXi third-party component cURL updated

   The version of cURL library in ESXi is updated.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the name CVE-2010-0734 to the issues addressed in    this update.

i. ESX third-party component pam_krb5 updated

   The version of pam_krb5 library is updated.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the names CVE-2008-3825 and CVE-2009-1384 to the    issues addressed in the update.

j. ESX third-party update for Service Console kernel

   The Service Console kernel is updated to include kernel version    2.6.18-194.11.1.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,    CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,    CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,    CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,    CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,    CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,    CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and    CVE-2010-3081 to the issues addressed in the update.

   Notes :
   - The update also addresses the 64-bit compatibility mode    stack pointer underflow issue identified by CVE-2010-3081. This    issue was patched in an ESX 4.1 patch prior to the release of    ESX 4.1 Update 1 and in a previous ESX 4.0 patch release.
   - The update also addresses CVE-2010-2240 for ESX 4.0.

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0610 advisory.

  - kernel: bluetooth: potential bad memory access with sysfs files (CVE-2010-1084)

  - kernel: ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files (CVE-2010-2066)

  - /kernel/security/CVE-2006-0742 test cause kernel-xen panic on ia64 (CVE-2010-2070)

  - kernel: xfs swapext ioctl minor security issue (CVE-2010-2226)

  - kernel: cifs: Fix a kernel BUG with remote OS/2 server (CVE-2010-2248)

  - kernel: nfsd4: bug in read_buf (CVE-2010-2521)

  - kernel: dns_resolver upcall security issue (CVE-2010-2524)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0610 advisory.

    - [fs] xfs: don't let swapext operate on write-only files (Jiri Pirko) [605160 605161] {CVE-2010-2226}
    - [fs] nfs: fix bug in nfsd4 read_buf (Jiri Olsa) [612034 612035] {CVE-2010-2521}
    - [fs] cifs: reject DNS upcall add_key req from userspace (Jeff Layton) [612170 612171] {CVE-2010-2524}
    - [security] keys: new key flag for add_key from userspace (Jeff Layton) [612170 612171] {CVE-2010-2524}
    - [fs] cifs: fix kernel BUG with remote OS/2 server (Jeff Layton) [608587 608588] {CVE-2010-2248}
    - [net] bluetooth: fix possible bad memory access via sysfs (Mauro Carvalho Chehab) [576020 576021]     {CVE-2010-1084}
    - [xen] ia64: unset be from the task psr (Andrew Jones) [587475 587477] {CVE-2010-2070}
    - [fs] ext4: MOVE_EXT can't overwrite append-only files (Eric Sandeen) [601007 601008] {CVE-2010-2066}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2009-4537     Fabian Yamaguchi reported a missing check for Ethernet     frames larger than the MTU in the r8169 driver. This may     allow users on the local network to crash a system,     resulting in a denial of service.

  - CVE-2010-0727     Sachin Prabhu reported an issue in the GFS2 filesystem.
    Local users can trigger a BUG() altering the permissions     on a locked file, resulting in a denial of service.

  - CVE-2010-1083     Linus Torvalds reported an issue in the USB subsystem,     which may allow local users to obtain portions of     sensitive kernel memory.

  - CVE-2010-1084     Neil Brown reported an issue in the Bluetooth subsystem     that may permit remote attackers to overwrite memory     through the creation of large numbers of sockets,     resulting in a denial of service.

  - CVE-2010-1086     Ang Way Chuang reported an issue in the DVB subsystem     for Digital TV adapters. By creating a specially-encoded     MPEG2-TS frame, a remote attacker could cause the     receiver to enter an endless loop, resulting in a denial     of service.

  - CVE-2010-1087     Trond Myklebust reported an issue in the NFS filesystem.
    A local user may cause an oops by sending a fatal signal     during a file truncation operation, resulting in a     denial of service.

  - CVE-2010-1088     Al Viro reported an issue where automount symlinks may     not be followed when LOOKUP_FOLLOW is not set. This has     an unknown security impact.

  - CVE-2010-1162     Catalin Marinas reported an issue in the tty subsystem     that allows local attackers to cause a kernel memory     leak, possibly resulting in a denial of service.

  - CVE-2010-1173     Chris Guo from Nokia China and Jukka Taimisto and Olli     Jarva from Codenomicon Ltd reported an issue in the SCTP     subsystem that allows a remote attacker to cause a     denial of service using a malformed init package.

  - CVE-2010-1187     Neil Hormon reported an issue in the TIPC subsystem.
    Local users can cause a denial of service by way of a     NULL pointer dereference by sending datagrams through     AF_TIPC before entering network mode.

  - CVE-2010-1437     Toshiyuki Okajima reported a race condition in the     keyring subsystem. Local users can cause memory     corruption via keyctl commands that access a keyring in     the process of being deleted, resulting in a denial of     service.

  - CVE-2010-1446     Wufei reported an issue with kgdb on the PowerPC     architecture, allowing local users to write to kernel     memory. Note: this issue does not affect binary kernels     provided by Debian. The fix is provided for the benefit     of users who build their own kernels from Debian source.

  - CVE-2010-1451     Brad Spengler reported an issue on the SPARC     architecture that allows local users to execute     non-executable pages.

This update also includes fixes a regression introduced by a previous update. See the referenced Debian bug page for details.

The remote CentOS system is missing a security update which has been documented in Red Hat advisory RHSA-2010-0610.

ID	Name	Product	Family	Published	Updated	Severity
48301	CentOS 5 : kernel (CESA-2010:0610)	Nessus	CentOS Local Security Checks	8/12/2010	1/4/2021	critical
46810	Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : linux, linux-source-2.6.15 vulnerabilities (USN-947-1)	Nessus	Ubuntu Local Security Checks	6/4/2010	9/19/2019	high
89674	VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)	Nessus	Misc.	3/4/2016	5/25/2022	high
79507	OracleVM 2.2 : kernel (OVMSA-2013-0039)	Nessus	OracleVM Local Security Checks	11/26/2014	1/4/2021	high
46811	Ubuntu 10.04 LTS : linux regression (USN-947-2)	Nessus	Ubuntu Local Security Checks	6/4/2010	9/19/2019	high
60834	Scientific Linux Security Update : kernel on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	critical
51971	VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX	Nessus	VMware ESX Local Security Checks	2/14/2011	5/25/2022	high
48312	RHEL 5 : kernel (RHSA-2010:0610)	Nessus	Red Hat Local Security Checks	8/12/2010	4/21/2024	high
68081	Oracle Linux 5 : kernel (ELSA-2010-0610)	Nessus	Oracle Linux Local Security Checks	7/12/2013	11/1/2024	high
46725	Debian DSA-2053-1 : linux-2.6 - privilege escalation/denial of service/information leak	Nessus	Debian Local Security Checks	5/26/2010	1/4/2021	high
801494	CentOS RHSA-2010-0610 Security Check	Log Correlation Engine	Generic			high

Detections

Analytics

Plugins Search

critical

high

high

high

high

critical

high

high

high

high

high