The Linux kernel handles the basic functions of the operating system.These new kernel packages contain fixes for the following security issues:A memory leak was found in the Red Hat Content Accelerator kernel patch. Alocal user could use this flaw to cause a denial of service (memoryexhaustion). (CVE-2007-5494, Important)A flaw was found in the handling of IEEE 802.11 frames affecting severalwireless LAN modules. In certain circumstances, a remote attacker couldtrigger this flaw by sending a malicious packet over a wireless network andcause a denial of service (kernel crash). (CVE-2007-4997, Important). A flaw was found in the Advanced Linux Sound Architecture (ALSA). A localuser who had the ability to read the /proc/driver/snd-page-alloc file couldsee portions of kernel memory. (CVE-2007-4571, Moderate). In addition to the security issues described above, several bug fixespreventing possible memory corruption, system crashes, SCSI I/O fails,networking drivers performance regression and journaling block device layerissue were also included.Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,which contain backported patches to resolve these issues.Red Hat would like to credit Vasily Averin, Chris Evans, and Neil Kettle for reporting the security issues corrected by this update.
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center