Fedora 9 : kernel-2.6.25.9-76.fc9 (2008-5893)

high Nessus Plugin ID 33404
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Fedora host is missing a security update.

Description

Update kernel from version 2.6.25.6 to 2.6.25.9:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.7 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.8 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9 Security updates: CVE-2008-2750: The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. CVE-2008-2358: The Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and probably other versions, does not properly check feature lengths, which might allow remote attackers to execute arbitrary code, related to an unspecified 'overflow.' Wireless driver updates: - Upstream wireless fixes from 2008-06-27 (http://marc.info/?l=linux-wireless&m=121459423021061&w=2) - Upstream wireless fixes from 2008-06-25 (http://marc.info/?l=linux- wireless&m=121440912502527&w=2) - Upstream wireless updates from 2008-06-14 (http://marc.info/?l=linux-netdev&m=121346686508160&w=2) - Upstream wireless fixes from 2008-06-09 (http://marc.info/?l=linux- kernel&m=121304710726632&w=2) - Upstream wireless updates from 2008-06-09 (http://marc.info/?l=linux-netdev&m=121304710526613&w=2) Bugs: 444694 - ALi Corporation M5253 P1394 OHCI 1.1 Controller driver causing problems in kernels newer than 2.6.24.3-50 452595 - Problem with SATA/IDE on Abit AN52 449080 - Rsync cannot copy to a vfat partition on kernel 2.6.25 with -p or -a options 449909 - User Mode Linux (UML) broken on Fedora 9 452111 - CVE-2008-2750 kernel: l2tp:
Fix potential memory corruption in pppol2tp-recvmsg() (Heap corruption DoS) [F9] 449872 - [Patch] Bluetooth keyboard not reconnecting after powersave

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected kernel package.

See Also

https://marc.info/?l=linux-

https://marc.info/?l=linux-netdev&m=121304710526613&w=2

https://marc.info/?l=linux-netdev&m=121346686508160&w=2

https://marc.info/?l=linux-wireless&m=121459423021061&w=2

http://www.nessus.org/u?8a720b12

http://www.nessus.org/u?ee81a5c5

http://www.nessus.org/u?fbad01f9

https://bugzilla.redhat.com/show_bug.cgi?id=444694

https://bugzilla.redhat.com/show_bug.cgi?id=449080

https://bugzilla.redhat.com/show_bug.cgi?id=449872

https://bugzilla.redhat.com/show_bug.cgi?id=449909

https://bugzilla.redhat.com/show_bug.cgi?id=452111

https://bugzilla.redhat.com/show_bug.cgi?id=452595

http://www.nessus.org/u?f5b9acba

http://www.nessus.org/u?7a593745

Plugin Details

Severity: High

ID: 33404

File Name: fedora_2008-5893.nasl

Version: 1.19

Type: local

Agent: unix

Published: 7/8/2008

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:kernel, cpe:/o:fedoraproject:fedora:9

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/2/2008

Reference Information

CVE: CVE-2008-2358, CVE-2008-2750

BID: 29603, 29747

FEDORA: 2008-5893

CWE: 20, 189