Fedora 10 : kernel-2.6.27.12-170.2.5.fc10 (2009-0923)

critical Nessus Plugin ID 38129

Synopsis

The remote Fedora host is missing a security update.

Description

Update to kernel 2.6.27.12:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.10 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.11 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.12 Includes security fixes: CVE-2009-0029 Linux Kernel insecure 64 bit system call argument passing CVE-2009-0065 kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID Reverts ALSA driver to the version that is upstream in kernel 2.6.27. This should be the last 2.6.27 kernel update for Fedora 10. A 2.6.28 update kernel is being tested.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?9af5a301

http://www.nessus.org/u?bbb536f1

http://www.nessus.org/u?ddbb60cd

https://bugzilla.redhat.com/show_bug.cgi?id=477954

https://bugzilla.redhat.com/show_bug.cgi?id=478299

https://bugzilla.redhat.com/show_bug.cgi?id=480862

https://bugzilla.redhat.com/show_bug.cgi?id=480866

http://www.nessus.org/u?6a393669

Plugin Details

Severity: Critical

ID: 38129

File Name: fedora_2009-0923.nasl

Version: 1.15

Type: local

Agent: unix

Published: 4/23/2009

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:kernel, cpe:/o:fedoraproject:fedora:10

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 1/24/2009

Reference Information

CVE: CVE-2009-0029, CVE-2009-0065

CWE: 119, 20

FEDORA: 2009-0923