Fedora 9 : kernel-2.6.27.12-78.2.8.fc9 (2009-0816)

critical Nessus Plugin ID 35464

Synopsis

The remote Fedora host is missing a security update.

Description

Update to kernel 2.6.27.12:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.10 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.11 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.12 Includes security fixes: CVE-2009-0029 Linux Kernel insecure 64 bit system call argument passing CVE-2009-0065 kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID Also fixes bug 478299, reported against Fedora 10: AVC denials on kernel 2.6.27.9-159.fc10.x86_64 Reverts ALSA driver to the version that is upstream in kernel 2.6.27. This should fix lack of audio on headphone outputs for some notebooks.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?9af5a301

http://www.nessus.org/u?bbb536f1

http://www.nessus.org/u?ddbb60cd

https://bugzilla.redhat.com/show_bug.cgi?id=480861

https://bugzilla.redhat.com/show_bug.cgi?id=480864

http://www.nessus.org/u?07d70a9e

Plugin Details

Severity: Critical

ID: 35464

File Name: fedora_2009-0816.nasl

Version: 1.19

Type: local

Agent: unix

Published: 1/27/2009

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:kernel, cpe:/o:fedoraproject:fedora:9

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/21/2009

Reference Information

CVE: CVE-2009-0029, CVE-2009-0065

BID: 33113

CWE: 119, 20

FEDORA: 2009-0816