Rapid7 Vulnerability & Exploit Database

RHSA-2011:1849: kernel security and bug fix update

Back to Search

RHSA-2011:1849: kernel security and bug fix update

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
12/22/2011
Created
07/25/2018
Added
01/03/2012
Modified
06/21/2018

Description

The kernel packages contain the Linux kernel, the core of any Linuxoperating system.Security fix:In KVM (Kernel-based Virtual Machine) environments using raw format virtiodisks backed by a partition or LVM volume, a privileged guest user couldbypass intended restrictions and issue read and write requests (and otherSCSI commands) on the host, and possibly access the data of other gueststhat reside on the same underlying block device. Partition-based andLVM-based storage pools are not used by default. Refer to Red Hat Bugzillabug 752375 for further details and a mitigation script for users who cannotapply this update immediately. (CVE-2011-4127, Important)Bug fixes:

Solution(s)

  • redhat-upgrade-kernel
  • redhat-upgrade-kernel-bootwrapper
  • redhat-upgrade-kernel-debug
  • redhat-upgrade-kernel-debug-debuginfo
  • redhat-upgrade-kernel-debug-devel
  • redhat-upgrade-kernel-debuginfo
  • redhat-upgrade-kernel-debuginfo-common-i686
  • redhat-upgrade-kernel-debuginfo-common-ppc64
  • redhat-upgrade-kernel-debuginfo-common-s390x
  • redhat-upgrade-kernel-debuginfo-common-x86_64
  • redhat-upgrade-kernel-devel
  • redhat-upgrade-kernel-doc
  • redhat-upgrade-kernel-firmware
  • redhat-upgrade-kernel-headers
  • redhat-upgrade-kernel-kdump
  • redhat-upgrade-kernel-kdump-debuginfo
  • redhat-upgrade-kernel-kdump-devel
  • redhat-upgrade-perf
  • redhat-upgrade-perf-debuginfo
  • redhat-upgrade-python-perf

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;