kernel 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1335194639
업데이트 : 2012.04.24
상세내용
2.4.37-11 update
- update 2.4.37.11
- 2.4 커널 마지막 업데이트 버전
security issue
- CVE-2010-3848
Stack-based buffer overflow in the econet_sendmsg function
in net/econet/af_econet.c in the Linux kernel before 2.6.36.2,
when an econet address is configured, allows local users to
gain privileges by providing a large number of iovec structures.
- CVE-2010-3849
The econet_sendmsg function in net/econet/af_econet.c in the Linux
kernel before 2.6.36.2, when an econet address is configured, allows
local users to cause a denial of service (NULL pointer dereference
and OOPS) via a sendmsg call that specifies a NULL value for the
remote address field.
- CVE-2010-3850
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux
kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability,
which allows local users to bypass intended access restrictions and
configure econet addresses via an SIOCSIFADDR ioctl call.
Autoupdates 지원 : Pakcages System
pkgkernel 이용
http://annyung.oops.org/?m=pkgadm&p=pkgkernel 참조
update 패키지
RPMS :
. kernel-2.4.37-11.i686.rpm
. kernel-bigmem-2.4.37-11.i686.rpm
. kernel-PIII-2.4.37-11.i686.rpm
. kernel-PIV-2.4.37-11.i686.rpm
. kernel-source-2.4.37-11.i386.rpm
. kernel-header-2.4.37-11.i386.rpm
SRPMS :
. kernel-2.4.37-11.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3850
|