DATABASE RESOURCES PRICING ABOUT US

{"id": "VERACODE:23524", "vendorId": null, "type": "veracode", "bulletinFamily": "software", "title": "Denial Of Service (DoS)", "description": "kernel is vulnerable to denial of service (DoS). The vulnerability exists as the sendmsg() function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service.\n", "published": "2020-04-10T00:29:30", "modified": "2022-04-19T18:27:50", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9}, "severity": "MEDIUM", "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23524/summary", "reporter": "Veracode Vulnerability Database", "references": ["http://www.securityfocus.com/archive/1/499044/100/0/threaded", "http://www.securityfocus.com/archive/1/512019/100/0/threaded", "http://www.securityfocus.com/bid/32516", "http://secunia.com/advisories/32913", "http://secunia.com/advisories/32998", "http://secunia.com/advisories/33083", "http://secunia.com/advisories/33348", "http://secunia.com/advisories/33556", "http://secunia.com/advisories/33706", "http://secunia.com/advisories/33756", "http://secunia.com/advisories/33854", "http://securityreason.com/securityalert/4673", "http://osvdb.org/50272", "http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1.1/html/MRG_Release_Notes/", "http://www.redhat.com/security/updates/classification/#important", "https://access.redhat.com/errata/RHSA-2009:0053", "http://www.debian.org/security/2008/dsa-1681", "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01358.html", "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=473259", "https://bugzilla.redhat.com/show_bug.cgi?id=470201", "https://issues.rpath.com/browse/RPL-2915", "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332", "https://exchange.xforce.ibmcloud.com/vulnerabilities/46943", "http://marc.info/?l=linux-netdev&m=122721862313564&w=2", "http://marc.info/?l=linux-netdev&m=122765505415944&w=2", "http://www.mandriva.com/security/advisories?name=MDVSA-2009:032", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10283", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11427", "http://www.redhat.com/support/errata/RHSA-2009-0014.html", "http://www.redhat.com/support/errata/RHSA-2009-0053.html", "https://rhn.redhat.com/errata/RHSA-2009-1550.html", "https://usn.ubuntu.com/714-1/", "http://www.ubuntu.com/usn/usn-715-1"], "cvelist": ["CVE-2008-5300"], "immutableFields": [], "lastseen": "2022-07-27T10:31:02", "viewCount": 4, "enchantments": {"score": {"value": 3.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "centos", "idList": ["CESA-2009:0014", "CESA-2009:1550"]}, {"type": "cve", "idList": ["CVE-2008-5300"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1681-1:67CE4", "DEBIAN:DSA-1687-1:1BA38"]}, {"type": "fedora", "idList": ["FEDORA:2A46A208DA7", "FEDORA:BB6D9208DB1"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2009-0014.NASL", "CENTOS_RHSA-2009-1550.NASL", "DEBIAN_DSA-1681.NASL", "DEBIAN_DSA-1687.NASL", "FEDORA_2008-11593.NASL", "FEDORA_2008-11618.NASL", "MANDRIVA_MDVSA-2009-032.NASL", "ORACLELINUX_ELSA-2009-0014.NASL", "ORACLELINUX_ELSA-2009-1550.NASL", "REDHAT-RHSA-2009-0014.NASL", "REDHAT-RHSA-2009-0021.NASL", "REDHAT-RHSA-2009-0225.NASL", "REDHAT-RHSA-2009-1550.NASL", "SL_20090114_KERNEL_ON_SL4_X.NASL", "SL_20091103_KERNEL_ON_SL3_X.NASL", "SUSE_11_0_KERNEL-090114.NASL", "UBUNTU_USN-714-1.NASL", "UBUNTU_USN-715-1.NASL", "VMWARE_VMSA-2010-0010.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122525", "OPENVAS:136141256231063191", "OPENVAS:136141256231063224", "OPENVAS:136141256231063245", "OPENVAS:136141256231063285", "OPENVAS:136141256231063317", "OPENVAS:136141256231063433", "OPENVAS:136141256231066178", "OPENVAS:136141256231066217", "OPENVAS:1361412562310880838", "OPENVAS:1361412562310880928", "OPENVAS:62843", "OPENVAS:62957", "OPENVAS:63191", "OPENVAS:63224", "OPENVAS:63245", "OPENVAS:63285", "OPENVAS:63309", "OPENVAS:63317", "OPENVAS:63433", "OPENVAS:66178", "OPENVAS:66217", "OPENVAS:860465", "OPENVAS:860598", "OPENVAS:880838", "OPENVAS:880928"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0014", "ELSA-2009-0225", "ELSA-2009-1550"]}, {"type": "osv", "idList": ["OSV:DSA-1681-1", "OSV:DSA-1687-1"]}, {"type": "redhat", "idList": ["RHSA-2009:0014", "RHSA-2009:0021", "RHSA-2009:0053", "RHSA-2009:0225", "RHSA-2009:1550"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9488", "SECURITYVULNS:VULN:9633"]}, {"type": "suse", "idList": ["SUSE-SA:2009:003"]}, {"type": "ubuntu", "idList": ["USN-714-1", "USN-715-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-5300"]}, {"type": "vmware", "idList": ["VMSA-2010-0010"]}]}, "epss": [{"cve": "CVE-2008-5300", "epss": "0.000440000", "percentile": "0.081850000", "modified": "2023-03-19"}], "vulnersScore": 3.2}, "_state": {"dependencies": 1659986029, "score": 1684014897, "affected_software_major_version": 1666695388, "epss": 1679301741}, "_internal": {"score_hash": "1c5dc6ec093d867b2f75d3603e972d81"}, "affectedSoftware": [{"version": "2.6.24.7__81.el5rt", "operator": "eq", "name": "kernel-rt"}, {"version": "2.6.24.7__74.el5rt", "operator": "eq", "name": "kernel-rt"}, {"version": "2.6.24.7__93.el5rt", "operator": "eq", "name": "kernel-rt"}, {"version": "2.6.18__8.1.14.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.3.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.1.1.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.1.17.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.1.18.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.1.13.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.3.lspp.80.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.1.22.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.8.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.1.10.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__53.1.4.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__53.1.19.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.3.lspp.81.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.1.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.4.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__53.1.14.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__53.1.21.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__53.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.10.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.6.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__53.1.13.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.15.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.1.6.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__53.1.6.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.24.7__81.el5rt", "operator": "eq", "name": "kernel-rt"}, {"version": "2.6.24.7__74.el5rt", "operator": "eq", "name": "kernel-rt"}, {"version": "2.6.24.7__93.el5rt", "operator": "eq", "name": "kernel-rt"}, {"version": "2.6.18__8.1.14.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.3.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.1.1.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.1.17.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.1.18.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.1.13.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.3.lspp.80.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.1.22.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.8.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.1.10.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__53.1.4.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__53.1.19.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.3.lspp.81.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.1.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.4.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__53.1.14.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__53.1.21.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__53.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.10.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.6.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__53.1.13.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__8.1.15.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__92.1.6.el5", "operator": "eq", "name": "kernel"}, {"version": "2.6.18__53.1.6.el5", "operator": "eq", "name": "kernel"}]}

{"cve": [{"lastseen": "2023-06-12T14:23:01", "description": "Linux kernel 2.6.28 allows local users to cause a denial of service (\"soft lockup\" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.", "cvss3": {}, "published": "2008-12-01T17:30:00", "type": "cve", "title": "CVE-2008-5300", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5029", "CVE-2008-5300"], "modified": "2018-10-11T20:54:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.28"], "id": "CVE-2008-5300", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5300", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.28:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:rc1:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2023-06-28T15:22:04", "description": "Linux kernel 2.6.28 allows local users to cause a denial of service (\"soft\nlockup\" and process loss) via a large number of sendmsg function calls,\nwhich does not block during AF_UNIX garbage collection and triggers an OOM\ncondition, a different vulnerability than CVE-2008-5029.", "cvss3": {}, "published": "2008-12-01T00:00:00", "type": "ubuntucve", "title": "CVE-2008-5300", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5029", "CVE-2008-5300"], "modified": "2008-12-01T00:00:00", "id": "UB:CVE-2008-5300", "href": "https://ubuntu.com/security/CVE-2008-5300", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2018-04-06T11:38:18", "description": "The remote host is missing an update to kernel\nannounced via advisory MDVSA-2009:032.", "cvss3": {}, "published": "2009-02-02T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:032 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5029", "CVE-2008-5079", "CVE-2008-5300"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063285", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063285", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_032.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:032 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Some vulnerabilities were discovered and corrected in the Linux\n2.6 kernel:\n\nnet/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8\nand earlier allows local users to cause a denial of service (kernel\ninfinite loop) by making two calls to svc_listen for the same socket,\nand then reading a /proc/net/atm/*vc file, related to corruption of\nthe vcc table. (CVE-2008-5079)\n\nLinux kernel 2.6.28 allows local users to cause a denial of service\n(soft lockup and process loss) via a large number of sendmsg function\ncalls, which does not block during AF_UNIX garbage collection\nand triggers an OOM condition, a different vulnerability than\nCVE-2008-5029. (CVE-2008-5300)\n\nAdditionally, wireless and hotkeys support for Asus EEE were fixed,\nsystems with HDA sound needing MSI support were added to the quirks\nlist to be autodetected, STAC92HD71Bx and STAC92HD75Bx based HDA\nsupport was enhanced and fixed, support for HDA sound on Acer Aspire\n8930 was added, Dell Inspiron Mini 9 HDA sound support was added, CIFS\nfilesystem should now work with Kerberos, and a few more things. Check\nthe package changelog for details.\n\nTo update your kernel, please follow the directions located at:\n\nhttp://www.mandriva.com/en/security/kernelupdate\n\nAffected: 2009.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:032\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory MDVSA-2009:032.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63285\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-02 23:28:24 +0100 (Mon, 02 Feb 2009)\");\n script_cve_id(\"CVE-2008-5079\", \"CVE-2008-5029\", \"CVE-2008-5300\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:032 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"alsa_raoppcm-kernel-2.6.27.10-desktop-1mnb\", rpm:\"alsa_raoppcm-kernel-2.6.27.10-desktop-1mnb~0.5.1~2mdv2008.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"alsa_raoppcm-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"alsa_raoppcm-kernel-2.6.27.10-desktop586-1mnb~0.5.1~2mdv2008.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"alsa_raoppcm-kernel-2.6.27.10-server-1mnb\", rpm:\"alsa_raoppcm-kernel-2.6.27.10-server-1mnb~0.5.1~2mdv2008.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"alsa_raoppcm-kernel-desktop586-latest\", rpm:\"alsa_raoppcm-kernel-desktop586-latest~0.5.1~1.20090130.2mdv2008.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"alsa_raoppcm-kernel-desktop-latest\", rpm:\"alsa_raoppcm-kernel-desktop-latest~0.5.1~1.20090130.2mdv2008.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"alsa_raoppcm-kernel-server-latest\", rpm:\"alsa_raoppcm-kernel-server-latest~0.5.1~1.20090130.2mdv2008.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drm-experimental-kernel-2.6.27.10-desktop-1mnb\", rpm:\"drm-experimental-kernel-2.6.27.10-desktop-1mnb~2.3.0~2.20080912.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drm-experimental-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"drm-experimental-kernel-2.6.27.10-desktop586-1mnb~2.3.0~2.20080912.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drm-experimental-kernel-2.6.27.10-server-1mnb\", rpm:\"drm-experimental-kernel-2.6.27.10-server-1mnb~2.3.0~2.20080912.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drm-experimental-kernel-desktop586-latest\", rpm:\"drm-experimental-kernel-desktop586-latest~2.3.0~1.20090130.2.20080912.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drm-experimental-kernel-desktop-latest\", rpm:\"drm-experimental-kernel-desktop-latest~2.3.0~1.20090130.2.20080912.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drm-experimental-kernel-server-latest\", rpm:\"drm-experimental-kernel-server-latest~2.3.0~1.20090130.2.20080912.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"et131x-kernel-2.6.27.10-desktop-1mnb\", rpm:\"et131x-kernel-2.6.27.10-desktop-1mnb~1.2.3~7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"et131x-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"et131x-kernel-2.6.27.10-desktop586-1mnb~1.2.3~7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"et131x-kernel-2.6.27.10-server-1mnb\", rpm:\"et131x-kernel-2.6.27.10-server-1mnb~1.2.3~7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"et131x-kernel-desktop586-latest\", rpm:\"et131x-kernel-desktop586-latest~1.2.3~1.20090130.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"et131x-kernel-desktop-latest\", rpm:\"et131x-kernel-desktop-latest~1.2.3~1.20090130.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"et131x-kernel-server-latest\", rpm:\"et131x-kernel-server-latest~1.2.3~1.20090130.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fcpci-kernel-2.6.27.10-desktop-1mnb\", rpm:\"fcpci-kernel-2.6.27.10-desktop-1mnb~3.11.07~7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fcpci-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"fcpci-kernel-2.6.27.10-desktop586-1mnb~3.11.07~7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fcpci-kernel-2.6.27.10-server-1mnb\", rpm:\"fcpci-kernel-2.6.27.10-server-1mnb~3.11.07~7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fcpci-kernel-desktop586-latest\", rpm:\"fcpci-kernel-desktop586-latest~3.11.07~1.20090130.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fcpci-kernel-desktop-latest\", rpm:\"fcpci-kernel-desktop-latest~3.11.07~1.20090130.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fcpci-kernel-server-latest\", rpm:\"fcpci-kernel-server-latest~3.11.07~1.20090130.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fglrx-kernel-2.6.27.10-desktop-1mnb\", rpm:\"fglrx-kernel-2.6.27.10-desktop-1mnb~8.522~3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fglrx-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"fglrx-kernel-2.6.27.10-desktop586-1mnb~8.522~3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fglrx-kernel-2.6.27.10-server-1mnb\", rpm:\"fglrx-kernel-2.6.27.10-server-1mnb~8.522~3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fglrx-kernel-desktop586-latest\", rpm:\"fglrx-kernel-desktop586-latest~8.522~1.20090130.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fglrx-kernel-desktop-latest\", rpm:\"fglrx-kernel-desktop-latest~8.522~1.20090130.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fglrx-kernel-server-latest\", rpm:\"fglrx-kernel-server-latest~8.522~1.20090130.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnbd-kernel-2.6.27.10-desktop-1mnb\", rpm:\"gnbd-kernel-2.6.27.10-desktop-1mnb~2.03.07~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnbd-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"gnbd-kernel-2.6.27.10-desktop586-1mnb~2.03.07~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnbd-kernel-2.6.27.10-server-1mnb\", rpm:\"gnbd-kernel-2.6.27.10-server-1mnb~2.03.07~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnbd-kernel-desktop586-latest\", rpm:\"gnbd-kernel-desktop586-latest~2.03.07~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnbd-kernel-desktop-latest\", rpm:\"gnbd-kernel-desktop-latest~2.03.07~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnbd-kernel-server-latest\", rpm:\"gnbd-kernel-server-latest~2.03.07~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hcfpcimodem-kernel-2.6.27.10-desktop-1mnb\", rpm:\"hcfpcimodem-kernel-2.6.27.10-desktop-1mnb~1.17~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hcfpcimodem-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"hcfpcimodem-kernel-2.6.27.10-desktop586-1mnb~1.17~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hcfpcimodem-kernel-2.6.27.10-server-1mnb\", rpm:\"hcfpcimodem-kernel-2.6.27.10-server-1mnb~1.17~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hcfpcimodem-kernel-desktop586-latest\", rpm:\"hcfpcimodem-kernel-desktop586-latest~1.17~1.20090130.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hcfpcimodem-kernel-desktop-latest\", rpm:\"hcfpcimodem-kernel-desktop-latest~1.17~1.20090130.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hcfpcimodem-kernel-server-latest\", rpm:\"hcfpcimodem-kernel-server-latest~1.17~1.20090130.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hsfmodem-kernel-2.6.27.10-desktop-1mnb\", rpm:\"hsfmodem-kernel-2.6.27.10-desktop-1mnb~7.68.00.13~1.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hsfmodem-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"hsfmodem-kernel-2.6.27.10-desktop586-1mnb~7.68.00.13~1.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hsfmodem-kernel-2.6.27.10-server-1mnb\", rpm:\"hsfmodem-kernel-2.6.27.10-server-1mnb~7.68.00.13~1.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hsfmodem-kernel-desktop586-latest\", rpm:\"hsfmodem-kernel-desktop586-latest~7.68.00.13~1.20090130.1.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hsfmodem-kernel-desktop-latest\", rpm:\"hsfmodem-kernel-desktop-latest~7.68.00.13~1.20090130.1.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hsfmodem-kernel-server-latest\", rpm:\"hsfmodem-kernel-server-latest~7.68.00.13~1.20090130.1.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hso-kernel-2.6.27.10-desktop-1mnb\", rpm:\"hso-kernel-2.6.27.10-desktop-1mnb~1.2~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hso-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"hso-kernel-2.6.27.10-desktop586-1mnb~1.2~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hso-kernel-2.6.27.10-server-1mnb\", rpm:\"hso-kernel-2.6.27.10-server-1mnb~1.2~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hso-kernel-desktop586-latest\", rpm:\"hso-kernel-desktop586-latest~1.2~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hso-kernel-desktop-latest\", rpm:\"hso-kernel-desktop-latest~1.2~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hso-kernel-server-latest\", rpm:\"hso-kernel-server-latest~1.2~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kernel-2.6.27.10-desktop-1mnb\", rpm:\"iscsitarget-kernel-2.6.27.10-desktop-1mnb~0.4.16~4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"iscsitarget-kernel-2.6.27.10-desktop586-1mnb~0.4.16~4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kernel-2.6.27.10-server-1mnb\", rpm:\"iscsitarget-kernel-2.6.27.10-server-1mnb~0.4.16~4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kernel-desktop586-latest\", rpm:\"iscsitarget-kernel-desktop586-latest~0.4.16~1.20090130.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kernel-desktop-latest\", rpm:\"iscsitarget-kernel-desktop-latest~0.4.16~1.20090130.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kernel-server-latest\", rpm:\"iscsitarget-kernel-server-latest~0.4.16~1.20090130.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-2.6.27.10-1mnb\", rpm:\"kernel-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop-2.6.27.10-1mnb\", rpm:\"kernel-desktop-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop586-2.6.27.10-1mnb\", rpm:\"kernel-desktop586-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop586-devel-2.6.27.10-1mnb\", rpm:\"kernel-desktop586-devel-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop586-devel-latest\", rpm:\"kernel-desktop586-devel-latest~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop586-latest\", rpm:\"kernel-desktop586-latest~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop-devel-2.6.27.10-1mnb\", rpm:\"kernel-desktop-devel-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop-devel-latest\", rpm:\"kernel-desktop-devel-latest~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop-latest\", rpm:\"kernel-desktop-latest~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-server-2.6.27.10-1mnb\", rpm:\"kernel-server-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-server-devel-2.6.27.10-1mnb\", rpm:\"kernel-server-devel-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-server-devel-latest\", rpm:\"kernel-server-devel-latest~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-server-latest\", rpm:\"kernel-server-latest~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source-2.6.27.10-1mnb\", rpm:\"kernel-source-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source-latest\", rpm:\"kernel-source-latest~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kernel-2.6.27.10-desktop-1mnb\", rpm:\"kqemu-kernel-2.6.27.10-desktop-1mnb~1.4.0pre1~0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"kqemu-kernel-2.6.27.10-desktop586-1mnb~1.4.0pre1~0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kernel-2.6.27.10-server-1mnb\", rpm:\"kqemu-kernel-2.6.27.10-server-1mnb~1.4.0pre1~0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kernel-desktop586-latest\", rpm:\"kqemu-kernel-desktop586-latest~1.4.0pre1~1.20090130.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kernel-desktop-latest\", rpm:\"kqemu-kernel-desktop-latest~1.4.0pre1~1.20090130.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kernel-server-latest\", rpm:\"kqemu-kernel-server-latest~1.4.0pre1~1.20090130.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kernel-2.6.27.10-desktop-1mnb\", rpm:\"lirc-kernel-2.6.27.10-desktop-1mnb~0.8.3~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"lirc-kernel-2.6.27.10-desktop586-1mnb~0.8.3~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kernel-2.6.27.10-server-1mnb\", rpm:\"lirc-kernel-2.6.27.10-server-1mnb~0.8.3~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kernel-desktop586-latest\", rpm:\"lirc-kernel-desktop586-latest~0.8.3~1.20090130.4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kernel-desktop-latest\", rpm:\"lirc-kernel-desktop-latest~0.8.3~1.20090130.4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kernel-server-latest\", rpm:\"lirc-kernel-server-latest~0.8.3~1.20090130.4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lzma-kernel-2.6.27.10-desktop-1mnb\", rpm:\"lzma-kernel-2.6.27.10-desktop-1mnb~4.43~24mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lzma-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"lzma-kernel-2.6.27.10-desktop586-1mnb~4.43~24mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lzma-kernel-2.6.27.10-server-1mnb\", rpm:\"lzma-kernel-2.6.27.10-server-1mnb~4.43~24mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lzma-kernel-desktop586-latest\", rpm:\"lzma-kernel-desktop586-latest~4.43~1.20090130.24mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lzma-kernel-desktop-latest\", rpm:\"lzma-kernel-desktop-latest~4.43~1.20090130.24mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lzma-kernel-server-latest\", rpm:\"lzma-kernel-server-latest~4.43~1.20090130.24mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"madwifi-kernel-2.6.27.10-desktop-1mnb\", rpm:\"madwifi-kernel-2.6.27.10-desktop-1mnb~0.9.4~3.r3835mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"madwifi-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"madwifi-kernel-2.6.27.10-desktop586-1mnb~0.9.4~3.r3835mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"madwifi-kernel-2.6.27.10-server-1mnb\", rpm:\"madwifi-kernel-2.6.27.10-server-1mnb~0.9.4~3.r3835mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"madwifi-kernel-desktop586-latest\", rpm:\"madwifi-kernel-desktop586-latest~0.9.4~1.20090130.3.r3835mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"madwifi-kernel-desktop-latest\", rpm:\"madwifi-kernel-desktop-latest~0.9.4~1.20090130.3.r3835mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"madwifi-kernel-server-latest\", rpm:\"madwifi-kernel-server-latest~0.9.4~1.20090130.3.r3835mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia173-kernel-2.6.27.10-desktop-1mnb\", rpm:\"nvidia173-kernel-2.6.27.10-desktop-1mnb~173.14.12~4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia173-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"nvidia173-kernel-2.6.27.10-desktop586-1mnb~173.14.12~4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia173-kernel-desktop586-latest\", rpm:\"nvidia173-kernel-desktop586-latest~173.14.12~1.20090130.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia173-kernel-desktop-latest\", rpm:\"nvidia173-kernel-desktop-latest~173.14.12~1.20090130.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia71xx-kernel-2.6.27.10-desktop-1mnb\", rpm:\"nvidia71xx-kernel-2.6.27.10-desktop-1mnb~71.86.06~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia71xx-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"nvidia71xx-kernel-2.6.27.10-desktop586-1mnb~71.86.06~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia71xx-kernel-2.6.27.10-server-1mnb\", rpm:\"nvidia71xx-kernel-2.6.27.10-server-1mnb~71.86.06~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia71xx-kernel-desktop586-latest\", rpm:\"nvidia71xx-kernel-desktop586-latest~71.86.06~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia71xx-kernel-desktop-latest\", rpm:\"nvidia71xx-kernel-desktop-latest~71.86.06~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia71xx-kernel-server-latest\", rpm:\"nvidia71xx-kernel-server-latest~71.86.06~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia96xx-kernel-2.6.27.10-desktop-1mnb\", rpm:\"nvidia96xx-kernel-2.6.27.10-desktop-1mnb~96.43.07~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia96xx-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"nvidia96xx-kernel-2.6.27.10-desktop586-1mnb~96.43.07~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia96xx-kernel-2.6.27.10-server-1mnb\", rpm:\"nvidia96xx-kernel-2.6.27.10-server-1mnb~96.43.07~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia96xx-kernel-desktop586-latest\", rpm:\"nvidia96xx-kernel-desktop586-latest~96.43.07~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia96xx-kernel-desktop-latest\", rpm:\"nvidia96xx-kernel-desktop-latest~96.43.07~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia96xx-kernel-server-latest\", rpm:\"nvidia96xx-kernel-server-latest~96.43.07~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia-current-kernel-2.6.27.10-desktop-1mnb\", rpm:\"nvidia-current-kernel-2.6.27.10-desktop-1mnb~177.70~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia-current-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"nvidia-current-kernel-2.6.27.10-desktop586-1mnb~177.70~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia-current-kernel-2.6.27.10-server-1mnb\", rpm:\"nvidia-current-kernel-2.6.27.10-server-1mnb~177.70~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia-current-kernel-desktop586-latest\", rpm:\"nvidia-current-kernel-desktop586-latest~177.70~1.20090130.2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia-current-kernel-desktop-latest\", rpm:\"nvidia-current-kernel-desktop-latest~177.70~1.20090130.2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia-current-kernel-server-latest\", rpm:\"nvidia-current-kernel-server-latest~177.70~1.20090130.2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omfs-kernel-2.6.27.10-desktop-1mnb\", rpm:\"omfs-kernel-2.6.27.10-desktop-1mnb~0.8.0~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omfs-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"omfs-kernel-2.6.27.10-desktop586-1mnb~0.8.0~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omfs-kernel-2.6.27.10-server-1mnb\", rpm:\"omfs-kernel-2.6.27.10-server-1mnb~0.8.0~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omfs-kernel-desktop586-latest\", rpm:\"omfs-kernel-desktop586-latest~0.8.0~1.20090130.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omfs-kernel-desktop-latest\", rpm:\"omfs-kernel-desktop-latest~0.8.0~1.20090130.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omfs-kernel-server-latest\", rpm:\"omfs-kernel-server-latest~0.8.0~1.20090130.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kernel-2.6.27.10-desktop-1mnb\", rpm:\"omnibook-kernel-2.6.27.10-desktop-1mnb~20080513~0.274.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"omnibook-kernel-2.6.27.10-desktop586-1mnb~20080513~0.274.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kernel-2.6.27.10-server-1mnb\", rpm:\"omnibook-kernel-2.6.27.10-server-1mnb~20080513~0.274.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kernel-desktop586-latest\", rpm:\"omnibook-kernel-desktop586-latest~20080513~1.20090130.0.274.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kernel-desktop-latest\", rpm:\"omnibook-kernel-desktop-latest~20080513~1.20090130.0.274.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kernel-server-latest\", rpm:\"omnibook-kernel-server-latest~20080513~1.20090130.0.274.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opencbm-kernel-2.6.27.10-desktop-1mnb\", rpm:\"opencbm-kernel-2.6.27.10-desktop-1mnb~0.4.2a~1mdv2008.1\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opencbm-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"opencbm-kernel-2.6.27.10-desktop586-1mnb~0.4.2a~1mdv2008.1\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opencbm-kernel-2.6.27.10-server-1mnb\", rpm:\"opencbm-kernel-2.6.27.10-server-1mnb~0.4.2a~1mdv2008.1\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opencbm-kernel-desktop586-latest\", rpm:\"opencbm-kernel-desktop586-latest~0.4.2a~1.20090130.1mdv2008.1\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opencbm-kernel-desktop-latest\", rpm:\"opencbm-kernel-desktop-latest~0.4.2a~1.20090130.1mdv2008.1\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opencbm-kernel-server-latest\", rpm:\"opencbm-kernel-server-latest~0.4.2a~1.20090130.1mdv2008.1\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ov51x-jpeg-kernel-2.6.27.10-desktop-1mnb\", rpm:\"ov51x-jpeg-kernel-2.6.27.10-desktop-1mnb~1.5.9~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ov51x-jpeg-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"ov51x-jpeg-kernel-2.6.27.10-desktop586-1mnb~1.5.9~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ov51x-jpeg-kernel-2.6.27.10-server-1mnb\", rpm:\"ov51x-jpeg-kernel-2.6.27.10-server-1mnb~1.5.9~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ov51x-jpeg-kernel-desktop586-latest\", rpm:\"ov51x-jpeg-kernel-desktop586-latest~1.5.9~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ov51x-jpeg-kernel-desktop-latest\", rpm:\"ov51x-jpeg-kernel-desktop-latest~1.5.9~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ov51x-jpeg-kernel-server-latest\", rpm:\"ov51x-jpeg-kernel-server-latest~1.5.9~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qc-usb-kernel-2.6.27.10-desktop-1mnb\", rpm:\"qc-usb-kernel-2.6.27.10-desktop-1mnb~0.6.6~6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qc-usb-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"qc-usb-kernel-2.6.27.10-desktop586-1mnb~0.6.6~6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qc-usb-kernel-2.6.27.10-server-1mnb\", rpm:\"qc-usb-kernel-2.6.27.10-server-1mnb~0.6.6~6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qc-usb-kernel-desktop586-latest\", rpm:\"qc-usb-kernel-desktop586-latest~0.6.6~1.20090130.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qc-usb-kernel-desktop-latest\", rpm:\"qc-usb-kernel-desktop-latest~0.6.6~1.20090130.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qc-usb-kernel-server-latest\", rpm:\"qc-usb-kernel-server-latest~0.6.6~1.20090130.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2860-kernel-2.6.27.10-desktop-1mnb\", rpm:\"rt2860-kernel-2.6.27.10-desktop-1mnb~1.7.0.0~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2860-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"rt2860-kernel-2.6.27.10-desktop586-1mnb~1.7.0.0~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2860-kernel-2.6.27.10-server-1mnb\", rpm:\"rt2860-kernel-2.6.27.10-server-1mnb~1.7.0.0~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2860-kernel-desktop586-latest\", rpm:\"rt2860-kernel-desktop586-latest~1.7.0.0~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2860-kernel-desktop-latest\", rpm:\"rt2860-kernel-desktop-latest~1.7.0.0~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2860-kernel-server-latest\", rpm:\"rt2860-kernel-server-latest~1.7.0.0~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2870-kernel-2.6.27.10-desktop-1mnb\", rpm:\"rt2870-kernel-2.6.27.10-desktop-1mnb~1.3.1.0~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2870-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"rt2870-kernel-2.6.27.10-desktop586-1mnb~1.3.1.0~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2870-kernel-2.6.27.10-server-1mnb\", rpm:\"rt2870-kernel-2.6.27.10-server-1mnb~1.3.1.0~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2870-kernel-desktop586-latest\", rpm:\"rt2870-kernel-desktop586-latest~1.3.1.0~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2870-kernel-desktop-latest\", rpm:\"rt2870-kernel-desktop-latest~1.3.1.0~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2870-kernel-server-latest\", rpm:\"rt2870-kernel-server-latest~1.3.1.0~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rtl8187se-kernel-2.6.27.10-desktop-1mnb\", rpm:\"rtl8187se-kernel-2.6.27.10-desktop-1mnb~1016.20080716~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rtl8187se-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"rtl8187se-kernel-2.6.27.10-desktop586-1mnb~1016.20080716~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rtl8187se-kernel-2.6.27.10-server-1mnb\", rpm:\"rtl8187se-kernel-2.6.27.10-server-1mnb~1016.20080716~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rtl8187se-kernel-desktop586-latest\", rpm:\"rtl8187se-kernel-desktop586-latest~1016.20080716~1.20090130.1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rtl8187se-kernel-desktop-latest\", rpm:\"rtl8187se-kernel-desktop-latest~1016.20080716~1.20090130.1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rtl8187se-kernel-server-latest\", rpm:\"rtl8187se-kernel-server-latest~1016.20080716~1.20090130.1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"slmodem-kernel-2.6.27.10-desktop-1mnb\", rpm:\"slmodem-kernel-2.6.27.10-desktop-1mnb~2.9.11~0.20080817.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"slmodem-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"slmodem-kernel-2.6.27.10-desktop586-1mnb~2.9.11~0.20080817.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"slmodem-kernel-2.6.27.10-server-1mnb\", rpm:\"slmodem-kernel-2.6.27.10-server-1mnb~2.9.11~0.20080817.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"slmodem-kernel-desktop586-latest\", rpm:\"slmodem-kernel-desktop586-latest~2.9.11~1.20090130.0.20080817.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"slmodem-kernel-desktop-latest\", rpm:\"slmodem-kernel-desktop-latest~2.9.11~1.20090130.0.20080817.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"slmodem-kernel-server-latest\", rpm:\"slmodem-kernel-server-latest~2.9.11~1.20090130.0.20080817.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squashfs-lzma-kernel-2.6.27.10-desktop-1mnb\", rpm:\"squashfs-lzma-kernel-2.6.27.10-desktop-1mnb~3.3~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squashfs-lzma-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"squashfs-lzma-kernel-2.6.27.10-desktop586-1mnb~3.3~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squashfs-lzma-kernel-2.6.27.10-server-1mnb\", rpm:\"squashfs-lzma-kernel-2.6.27.10-server-1mnb~3.3~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squashfs-lzma-kernel-desktop586-latest\", rpm:\"squashfs-lzma-kernel-desktop586-latest~3.3~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squashfs-lzma-kernel-desktop-latest\", rpm:\"squashfs-lzma-kernel-desktop-latest~3.3~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squashfs-lzma-kernel-server-latest\", rpm:\"squashfs-lzma-kernel-server-latest~3.3~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tp_smapi-kernel-2.6.27.10-desktop-1mnb\", rpm:\"tp_smapi-kernel-2.6.27.10-desktop-1mnb~0.37~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tp_smapi-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"tp_smapi-kernel-2.6.27.10-desktop586-1mnb~0.37~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tp_smapi-kernel-2.6.27.10-server-1mnb\", rpm:\"tp_smapi-kernel-2.6.27.10-server-1mnb~0.37~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tp_smapi-kernel-desktop586-latest\", rpm:\"tp_smapi-kernel-desktop586-latest~0.37~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tp_smapi-kernel-desktop-latest\", rpm:\"tp_smapi-kernel-desktop-latest~0.37~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tp_smapi-kernel-server-latest\", rpm:\"tp_smapi-kernel-server-latest~0.37~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxadd-kernel-2.6.27.10-desktop-1mnb\", rpm:\"vboxadd-kernel-2.6.27.10-desktop-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxadd-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"vboxadd-kernel-2.6.27.10-desktop586-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxadd-kernel-2.6.27.10-server-1mnb\", rpm:\"vboxadd-kernel-2.6.27.10-server-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxadd-kernel-desktop586-latest\", rpm:\"vboxadd-kernel-desktop586-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxadd-kernel-desktop-latest\", rpm:\"vboxadd-kernel-desktop-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxadd-kernel-server-latest\", rpm:\"vboxadd-kernel-server-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxvfs-kernel-2.6.27.10-desktop-1mnb\", rpm:\"vboxvfs-kernel-2.6.27.10-desktop-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxvfs-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"vboxvfs-kernel-2.6.27.10-desktop586-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxvfs-kernel-2.6.27.10-server-1mnb\", rpm:\"vboxvfs-kernel-2.6.27.10-server-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxvfs-kernel-desktop586-latest\", rpm:\"vboxvfs-kernel-desktop586-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxvfs-kernel-desktop-latest\", rpm:\"vboxvfs-kernel-desktop-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxvfs-kernel-server-latest\", rpm:\"vboxvfs-kernel-server-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vhba-kernel-2.6.27.10-desktop-1mnb\", rpm:\"vhba-kernel-2.6.27.10-desktop-1mnb~1.0.0~1.svn304.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vhba-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"vhba-kernel-2.6.27.10-desktop586-1mnb~1.0.0~1.svn304.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vhba-kernel-2.6.27.10-server-1mnb\", rpm:\"vhba-kernel-2.6.27.10-server-1mnb~1.0.0~1.svn304.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vhba-kernel-desktop586-latest\", rpm:\"vhba-kernel-desktop586-latest~1.0.0~1.20090130.1.svn304.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vhba-kernel-desktop-latest\", rpm:\"vhba-kernel-desktop-latest~1.0.0~1.20090130.1.svn304.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vhba-kernel-server-latest\", rpm:\"vhba-kernel-server-latest~1.0.0~1.20090130.1.svn304.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-kernel-2.6.27.10-desktop-1mnb\", rpm:\"virtualbox-kernel-2.6.27.10-desktop-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"virtualbox-kernel-2.6.27.10-desktop586-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-kernel-2.6.27.10-server-1mnb\", rpm:\"virtualbox-kernel-2.6.27.10-server-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-kernel-desktop586-latest\", rpm:\"virtualbox-kernel-desktop586-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-kernel-desktop-latest\", rpm:\"virtualbox-kernel-desktop-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-kernel-server-latest\", rpm:\"virtualbox-kernel-server-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vpnclient-kernel-2.6.27.10-desktop-1mnb\", rpm:\"vpnclient-kernel-2.6.27.10-desktop-1mnb~4.8.01.0640~3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vpnclient-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"vpnclient-kernel-2.6.27.10-desktop586-1mnb~4.8.01.0640~3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vpnclient-kernel-2.6.27.10-server-1mnb\", rpm:\"vpnclient-kernel-2.6.27.10-server-1mnb~4.8.01.0640~3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vpnclient-kernel-desktop586-latest\", rpm:\"vpnclient-kernel-desktop586-latest~4.8.01.0640~1.20090130.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vpnclient-kernel-desktop-latest\", rpm:\"vpnclient-kernel-desktop-latest~4.8.01.0640~1.20090130.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vpnclient-kernel-server-latest\", rpm:\"vpnclient-kernel-server-latest~4.8.01.0640~1.20090130.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia173-kernel-2.6.27.10-server-1mnb\", rpm:\"nvidia173-kernel-2.6.27.10-server-1mnb~173.14.12~4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia173-kernel-server-latest\", rpm:\"nvidia173-kernel-server-latest~173.14.12~1.20090130.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:25", "description": "The remote host is missing an update to kernel\nannounced via advisory MDVSA-2009:032.", "cvss3": {}, "published": "2009-02-02T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:032 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5029", "CVE-2008-5079", "CVE-2008-5300"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:63285", "href": "http://plugins.openvas.org/nasl.php?oid=63285", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_032.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:032 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Some vulnerabilities were discovered and corrected in the Linux\n2.6 kernel:\n\nnet/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8\nand earlier allows local users to cause a denial of service (kernel\ninfinite loop) by making two calls to svc_listen for the same socket,\nand then reading a /proc/net/atm/*vc file, related to corruption of\nthe vcc table. (CVE-2008-5079)\n\nLinux kernel 2.6.28 allows local users to cause a denial of service\n(soft lockup and process loss) via a large number of sendmsg function\ncalls, which does not block during AF_UNIX garbage collection\nand triggers an OOM condition, a different vulnerability than\nCVE-2008-5029. (CVE-2008-5300)\n\nAdditionally, wireless and hotkeys support for Asus EEE were fixed,\nsystems with HDA sound needing MSI support were added to the quirks\nlist to be autodetected, STAC92HD71Bx and STAC92HD75Bx based HDA\nsupport was enhanced and fixed, support for HDA sound on Acer Aspire\n8930 was added, Dell Inspiron Mini 9 HDA sound support was added, CIFS\nfilesystem should now work with Kerberos, and a few more things. Check\nthe package changelog for details.\n\nTo update your kernel, please follow the directions located at:\n\nhttp://www.mandriva.com/en/security/kernelupdate\n\nAffected: 2009.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:032\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory MDVSA-2009:032.\";\n\n \n\nif(description)\n{\n script_id(63285);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-02 23:28:24 +0100 (Mon, 02 Feb 2009)\");\n script_cve_id(\"CVE-2008-5079\", \"CVE-2008-5029\", \"CVE-2008-5300\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:032 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"alsa_raoppcm-kernel-2.6.27.10-desktop-1mnb\", rpm:\"alsa_raoppcm-kernel-2.6.27.10-desktop-1mnb~0.5.1~2mdv2008.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"alsa_raoppcm-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"alsa_raoppcm-kernel-2.6.27.10-desktop586-1mnb~0.5.1~2mdv2008.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"alsa_raoppcm-kernel-2.6.27.10-server-1mnb\", rpm:\"alsa_raoppcm-kernel-2.6.27.10-server-1mnb~0.5.1~2mdv2008.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"alsa_raoppcm-kernel-desktop586-latest\", rpm:\"alsa_raoppcm-kernel-desktop586-latest~0.5.1~1.20090130.2mdv2008.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"alsa_raoppcm-kernel-desktop-latest\", rpm:\"alsa_raoppcm-kernel-desktop-latest~0.5.1~1.20090130.2mdv2008.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"alsa_raoppcm-kernel-server-latest\", rpm:\"alsa_raoppcm-kernel-server-latest~0.5.1~1.20090130.2mdv2008.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drm-experimental-kernel-2.6.27.10-desktop-1mnb\", rpm:\"drm-experimental-kernel-2.6.27.10-desktop-1mnb~2.3.0~2.20080912.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drm-experimental-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"drm-experimental-kernel-2.6.27.10-desktop586-1mnb~2.3.0~2.20080912.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drm-experimental-kernel-2.6.27.10-server-1mnb\", rpm:\"drm-experimental-kernel-2.6.27.10-server-1mnb~2.3.0~2.20080912.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drm-experimental-kernel-desktop586-latest\", rpm:\"drm-experimental-kernel-desktop586-latest~2.3.0~1.20090130.2.20080912.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drm-experimental-kernel-desktop-latest\", rpm:\"drm-experimental-kernel-desktop-latest~2.3.0~1.20090130.2.20080912.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drm-experimental-kernel-server-latest\", rpm:\"drm-experimental-kernel-server-latest~2.3.0~1.20090130.2.20080912.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"et131x-kernel-2.6.27.10-desktop-1mnb\", rpm:\"et131x-kernel-2.6.27.10-desktop-1mnb~1.2.3~7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"et131x-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"et131x-kernel-2.6.27.10-desktop586-1mnb~1.2.3~7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"et131x-kernel-2.6.27.10-server-1mnb\", rpm:\"et131x-kernel-2.6.27.10-server-1mnb~1.2.3~7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"et131x-kernel-desktop586-latest\", rpm:\"et131x-kernel-desktop586-latest~1.2.3~1.20090130.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"et131x-kernel-desktop-latest\", rpm:\"et131x-kernel-desktop-latest~1.2.3~1.20090130.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"et131x-kernel-server-latest\", rpm:\"et131x-kernel-server-latest~1.2.3~1.20090130.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fcpci-kernel-2.6.27.10-desktop-1mnb\", rpm:\"fcpci-kernel-2.6.27.10-desktop-1mnb~3.11.07~7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fcpci-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"fcpci-kernel-2.6.27.10-desktop586-1mnb~3.11.07~7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fcpci-kernel-2.6.27.10-server-1mnb\", rpm:\"fcpci-kernel-2.6.27.10-server-1mnb~3.11.07~7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fcpci-kernel-desktop586-latest\", rpm:\"fcpci-kernel-desktop586-latest~3.11.07~1.20090130.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fcpci-kernel-desktop-latest\", rpm:\"fcpci-kernel-desktop-latest~3.11.07~1.20090130.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fcpci-kernel-server-latest\", rpm:\"fcpci-kernel-server-latest~3.11.07~1.20090130.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fglrx-kernel-2.6.27.10-desktop-1mnb\", rpm:\"fglrx-kernel-2.6.27.10-desktop-1mnb~8.522~3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fglrx-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"fglrx-kernel-2.6.27.10-desktop586-1mnb~8.522~3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fglrx-kernel-2.6.27.10-server-1mnb\", rpm:\"fglrx-kernel-2.6.27.10-server-1mnb~8.522~3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fglrx-kernel-desktop586-latest\", rpm:\"fglrx-kernel-desktop586-latest~8.522~1.20090130.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fglrx-kernel-desktop-latest\", rpm:\"fglrx-kernel-desktop-latest~8.522~1.20090130.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fglrx-kernel-server-latest\", rpm:\"fglrx-kernel-server-latest~8.522~1.20090130.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnbd-kernel-2.6.27.10-desktop-1mnb\", rpm:\"gnbd-kernel-2.6.27.10-desktop-1mnb~2.03.07~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnbd-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"gnbd-kernel-2.6.27.10-desktop586-1mnb~2.03.07~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnbd-kernel-2.6.27.10-server-1mnb\", rpm:\"gnbd-kernel-2.6.27.10-server-1mnb~2.03.07~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnbd-kernel-desktop586-latest\", rpm:\"gnbd-kernel-desktop586-latest~2.03.07~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnbd-kernel-desktop-latest\", rpm:\"gnbd-kernel-desktop-latest~2.03.07~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnbd-kernel-server-latest\", rpm:\"gnbd-kernel-server-latest~2.03.07~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hcfpcimodem-kernel-2.6.27.10-desktop-1mnb\", rpm:\"hcfpcimodem-kernel-2.6.27.10-desktop-1mnb~1.17~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hcfpcimodem-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"hcfpcimodem-kernel-2.6.27.10-desktop586-1mnb~1.17~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hcfpcimodem-kernel-2.6.27.10-server-1mnb\", rpm:\"hcfpcimodem-kernel-2.6.27.10-server-1mnb~1.17~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hcfpcimodem-kernel-desktop586-latest\", rpm:\"hcfpcimodem-kernel-desktop586-latest~1.17~1.20090130.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hcfpcimodem-kernel-desktop-latest\", rpm:\"hcfpcimodem-kernel-desktop-latest~1.17~1.20090130.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hcfpcimodem-kernel-server-latest\", rpm:\"hcfpcimodem-kernel-server-latest~1.17~1.20090130.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hsfmodem-kernel-2.6.27.10-desktop-1mnb\", rpm:\"hsfmodem-kernel-2.6.27.10-desktop-1mnb~7.68.00.13~1.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hsfmodem-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"hsfmodem-kernel-2.6.27.10-desktop586-1mnb~7.68.00.13~1.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hsfmodem-kernel-2.6.27.10-server-1mnb\", rpm:\"hsfmodem-kernel-2.6.27.10-server-1mnb~7.68.00.13~1.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hsfmodem-kernel-desktop586-latest\", rpm:\"hsfmodem-kernel-desktop586-latest~7.68.00.13~1.20090130.1.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hsfmodem-kernel-desktop-latest\", rpm:\"hsfmodem-kernel-desktop-latest~7.68.00.13~1.20090130.1.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hsfmodem-kernel-server-latest\", rpm:\"hsfmodem-kernel-server-latest~7.68.00.13~1.20090130.1.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hso-kernel-2.6.27.10-desktop-1mnb\", rpm:\"hso-kernel-2.6.27.10-desktop-1mnb~1.2~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hso-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"hso-kernel-2.6.27.10-desktop586-1mnb~1.2~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hso-kernel-2.6.27.10-server-1mnb\", rpm:\"hso-kernel-2.6.27.10-server-1mnb~1.2~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hso-kernel-desktop586-latest\", rpm:\"hso-kernel-desktop586-latest~1.2~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hso-kernel-desktop-latest\", rpm:\"hso-kernel-desktop-latest~1.2~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hso-kernel-server-latest\", rpm:\"hso-kernel-server-latest~1.2~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kernel-2.6.27.10-desktop-1mnb\", rpm:\"iscsitarget-kernel-2.6.27.10-desktop-1mnb~0.4.16~4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"iscsitarget-kernel-2.6.27.10-desktop586-1mnb~0.4.16~4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kernel-2.6.27.10-server-1mnb\", rpm:\"iscsitarget-kernel-2.6.27.10-server-1mnb~0.4.16~4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kernel-desktop586-latest\", rpm:\"iscsitarget-kernel-desktop586-latest~0.4.16~1.20090130.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kernel-desktop-latest\", rpm:\"iscsitarget-kernel-desktop-latest~0.4.16~1.20090130.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kernel-server-latest\", rpm:\"iscsitarget-kernel-server-latest~0.4.16~1.20090130.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-2.6.27.10-1mnb\", rpm:\"kernel-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop-2.6.27.10-1mnb\", rpm:\"kernel-desktop-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop586-2.6.27.10-1mnb\", rpm:\"kernel-desktop586-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop586-devel-2.6.27.10-1mnb\", rpm:\"kernel-desktop586-devel-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop586-devel-latest\", rpm:\"kernel-desktop586-devel-latest~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop586-latest\", rpm:\"kernel-desktop586-latest~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop-devel-2.6.27.10-1mnb\", rpm:\"kernel-desktop-devel-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop-devel-latest\", rpm:\"kernel-desktop-devel-latest~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-desktop-latest\", rpm:\"kernel-desktop-latest~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-server-2.6.27.10-1mnb\", rpm:\"kernel-server-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-server-devel-2.6.27.10-1mnb\", rpm:\"kernel-server-devel-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-server-devel-latest\", rpm:\"kernel-server-devel-latest~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-server-latest\", rpm:\"kernel-server-latest~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source-2.6.27.10-1mnb\", rpm:\"kernel-source-2.6.27.10-1mnb~1~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source-latest\", rpm:\"kernel-source-latest~2.6.27.10~1mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kernel-2.6.27.10-desktop-1mnb\", rpm:\"kqemu-kernel-2.6.27.10-desktop-1mnb~1.4.0pre1~0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"kqemu-kernel-2.6.27.10-desktop586-1mnb~1.4.0pre1~0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kernel-2.6.27.10-server-1mnb\", rpm:\"kqemu-kernel-2.6.27.10-server-1mnb~1.4.0pre1~0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kernel-desktop586-latest\", rpm:\"kqemu-kernel-desktop586-latest~1.4.0pre1~1.20090130.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kernel-desktop-latest\", rpm:\"kqemu-kernel-desktop-latest~1.4.0pre1~1.20090130.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kernel-server-latest\", rpm:\"kqemu-kernel-server-latest~1.4.0pre1~1.20090130.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kernel-2.6.27.10-desktop-1mnb\", rpm:\"lirc-kernel-2.6.27.10-desktop-1mnb~0.8.3~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"lirc-kernel-2.6.27.10-desktop586-1mnb~0.8.3~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kernel-2.6.27.10-server-1mnb\", rpm:\"lirc-kernel-2.6.27.10-server-1mnb~0.8.3~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kernel-desktop586-latest\", rpm:\"lirc-kernel-desktop586-latest~0.8.3~1.20090130.4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kernel-desktop-latest\", rpm:\"lirc-kernel-desktop-latest~0.8.3~1.20090130.4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kernel-server-latest\", rpm:\"lirc-kernel-server-latest~0.8.3~1.20090130.4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lzma-kernel-2.6.27.10-desktop-1mnb\", rpm:\"lzma-kernel-2.6.27.10-desktop-1mnb~4.43~24mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lzma-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"lzma-kernel-2.6.27.10-desktop586-1mnb~4.43~24mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lzma-kernel-2.6.27.10-server-1mnb\", rpm:\"lzma-kernel-2.6.27.10-server-1mnb~4.43~24mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lzma-kernel-desktop586-latest\", rpm:\"lzma-kernel-desktop586-latest~4.43~1.20090130.24mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lzma-kernel-desktop-latest\", rpm:\"lzma-kernel-desktop-latest~4.43~1.20090130.24mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lzma-kernel-server-latest\", rpm:\"lzma-kernel-server-latest~4.43~1.20090130.24mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"madwifi-kernel-2.6.27.10-desktop-1mnb\", rpm:\"madwifi-kernel-2.6.27.10-desktop-1mnb~0.9.4~3.r3835mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"madwifi-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"madwifi-kernel-2.6.27.10-desktop586-1mnb~0.9.4~3.r3835mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"madwifi-kernel-2.6.27.10-server-1mnb\", rpm:\"madwifi-kernel-2.6.27.10-server-1mnb~0.9.4~3.r3835mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"madwifi-kernel-desktop586-latest\", rpm:\"madwifi-kernel-desktop586-latest~0.9.4~1.20090130.3.r3835mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"madwifi-kernel-desktop-latest\", rpm:\"madwifi-kernel-desktop-latest~0.9.4~1.20090130.3.r3835mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"madwifi-kernel-server-latest\", rpm:\"madwifi-kernel-server-latest~0.9.4~1.20090130.3.r3835mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia173-kernel-2.6.27.10-desktop-1mnb\", rpm:\"nvidia173-kernel-2.6.27.10-desktop-1mnb~173.14.12~4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia173-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"nvidia173-kernel-2.6.27.10-desktop586-1mnb~173.14.12~4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia173-kernel-desktop586-latest\", rpm:\"nvidia173-kernel-desktop586-latest~173.14.12~1.20090130.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia173-kernel-desktop-latest\", rpm:\"nvidia173-kernel-desktop-latest~173.14.12~1.20090130.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia71xx-kernel-2.6.27.10-desktop-1mnb\", rpm:\"nvidia71xx-kernel-2.6.27.10-desktop-1mnb~71.86.06~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia71xx-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"nvidia71xx-kernel-2.6.27.10-desktop586-1mnb~71.86.06~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia71xx-kernel-2.6.27.10-server-1mnb\", rpm:\"nvidia71xx-kernel-2.6.27.10-server-1mnb~71.86.06~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia71xx-kernel-desktop586-latest\", rpm:\"nvidia71xx-kernel-desktop586-latest~71.86.06~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia71xx-kernel-desktop-latest\", rpm:\"nvidia71xx-kernel-desktop-latest~71.86.06~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia71xx-kernel-server-latest\", rpm:\"nvidia71xx-kernel-server-latest~71.86.06~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia96xx-kernel-2.6.27.10-desktop-1mnb\", rpm:\"nvidia96xx-kernel-2.6.27.10-desktop-1mnb~96.43.07~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia96xx-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"nvidia96xx-kernel-2.6.27.10-desktop586-1mnb~96.43.07~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia96xx-kernel-2.6.27.10-server-1mnb\", rpm:\"nvidia96xx-kernel-2.6.27.10-server-1mnb~96.43.07~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia96xx-kernel-desktop586-latest\", rpm:\"nvidia96xx-kernel-desktop586-latest~96.43.07~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia96xx-kernel-desktop-latest\", rpm:\"nvidia96xx-kernel-desktop-latest~96.43.07~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia96xx-kernel-server-latest\", rpm:\"nvidia96xx-kernel-server-latest~96.43.07~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia-current-kernel-2.6.27.10-desktop-1mnb\", rpm:\"nvidia-current-kernel-2.6.27.10-desktop-1mnb~177.70~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia-current-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"nvidia-current-kernel-2.6.27.10-desktop586-1mnb~177.70~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia-current-kernel-2.6.27.10-server-1mnb\", rpm:\"nvidia-current-kernel-2.6.27.10-server-1mnb~177.70~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia-current-kernel-desktop586-latest\", rpm:\"nvidia-current-kernel-desktop586-latest~177.70~1.20090130.2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia-current-kernel-desktop-latest\", rpm:\"nvidia-current-kernel-desktop-latest~177.70~1.20090130.2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia-current-kernel-server-latest\", rpm:\"nvidia-current-kernel-server-latest~177.70~1.20090130.2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omfs-kernel-2.6.27.10-desktop-1mnb\", rpm:\"omfs-kernel-2.6.27.10-desktop-1mnb~0.8.0~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omfs-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"omfs-kernel-2.6.27.10-desktop586-1mnb~0.8.0~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omfs-kernel-2.6.27.10-server-1mnb\", rpm:\"omfs-kernel-2.6.27.10-server-1mnb~0.8.0~1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omfs-kernel-desktop586-latest\", rpm:\"omfs-kernel-desktop586-latest~0.8.0~1.20090130.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omfs-kernel-desktop-latest\", rpm:\"omfs-kernel-desktop-latest~0.8.0~1.20090130.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omfs-kernel-server-latest\", rpm:\"omfs-kernel-server-latest~0.8.0~1.20090130.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kernel-2.6.27.10-desktop-1mnb\", rpm:\"omnibook-kernel-2.6.27.10-desktop-1mnb~20080513~0.274.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"omnibook-kernel-2.6.27.10-desktop586-1mnb~20080513~0.274.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kernel-2.6.27.10-server-1mnb\", rpm:\"omnibook-kernel-2.6.27.10-server-1mnb~20080513~0.274.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kernel-desktop586-latest\", rpm:\"omnibook-kernel-desktop586-latest~20080513~1.20090130.0.274.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kernel-desktop-latest\", rpm:\"omnibook-kernel-desktop-latest~20080513~1.20090130.0.274.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kernel-server-latest\", rpm:\"omnibook-kernel-server-latest~20080513~1.20090130.0.274.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opencbm-kernel-2.6.27.10-desktop-1mnb\", rpm:\"opencbm-kernel-2.6.27.10-desktop-1mnb~0.4.2a~1mdv2008.1\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opencbm-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"opencbm-kernel-2.6.27.10-desktop586-1mnb~0.4.2a~1mdv2008.1\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opencbm-kernel-2.6.27.10-server-1mnb\", rpm:\"opencbm-kernel-2.6.27.10-server-1mnb~0.4.2a~1mdv2008.1\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opencbm-kernel-desktop586-latest\", rpm:\"opencbm-kernel-desktop586-latest~0.4.2a~1.20090130.1mdv2008.1\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opencbm-kernel-desktop-latest\", rpm:\"opencbm-kernel-desktop-latest~0.4.2a~1.20090130.1mdv2008.1\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opencbm-kernel-server-latest\", rpm:\"opencbm-kernel-server-latest~0.4.2a~1.20090130.1mdv2008.1\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ov51x-jpeg-kernel-2.6.27.10-desktop-1mnb\", rpm:\"ov51x-jpeg-kernel-2.6.27.10-desktop-1mnb~1.5.9~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ov51x-jpeg-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"ov51x-jpeg-kernel-2.6.27.10-desktop586-1mnb~1.5.9~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ov51x-jpeg-kernel-2.6.27.10-server-1mnb\", rpm:\"ov51x-jpeg-kernel-2.6.27.10-server-1mnb~1.5.9~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ov51x-jpeg-kernel-desktop586-latest\", rpm:\"ov51x-jpeg-kernel-desktop586-latest~1.5.9~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ov51x-jpeg-kernel-desktop-latest\", rpm:\"ov51x-jpeg-kernel-desktop-latest~1.5.9~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ov51x-jpeg-kernel-server-latest\", rpm:\"ov51x-jpeg-kernel-server-latest~1.5.9~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qc-usb-kernel-2.6.27.10-desktop-1mnb\", rpm:\"qc-usb-kernel-2.6.27.10-desktop-1mnb~0.6.6~6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qc-usb-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"qc-usb-kernel-2.6.27.10-desktop586-1mnb~0.6.6~6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qc-usb-kernel-2.6.27.10-server-1mnb\", rpm:\"qc-usb-kernel-2.6.27.10-server-1mnb~0.6.6~6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qc-usb-kernel-desktop586-latest\", rpm:\"qc-usb-kernel-desktop586-latest~0.6.6~1.20090130.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qc-usb-kernel-desktop-latest\", rpm:\"qc-usb-kernel-desktop-latest~0.6.6~1.20090130.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"qc-usb-kernel-server-latest\", rpm:\"qc-usb-kernel-server-latest~0.6.6~1.20090130.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2860-kernel-2.6.27.10-desktop-1mnb\", rpm:\"rt2860-kernel-2.6.27.10-desktop-1mnb~1.7.0.0~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2860-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"rt2860-kernel-2.6.27.10-desktop586-1mnb~1.7.0.0~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2860-kernel-2.6.27.10-server-1mnb\", rpm:\"rt2860-kernel-2.6.27.10-server-1mnb~1.7.0.0~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2860-kernel-desktop586-latest\", rpm:\"rt2860-kernel-desktop586-latest~1.7.0.0~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2860-kernel-desktop-latest\", rpm:\"rt2860-kernel-desktop-latest~1.7.0.0~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2860-kernel-server-latest\", rpm:\"rt2860-kernel-server-latest~1.7.0.0~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2870-kernel-2.6.27.10-desktop-1mnb\", rpm:\"rt2870-kernel-2.6.27.10-desktop-1mnb~1.3.1.0~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2870-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"rt2870-kernel-2.6.27.10-desktop586-1mnb~1.3.1.0~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2870-kernel-2.6.27.10-server-1mnb\", rpm:\"rt2870-kernel-2.6.27.10-server-1mnb~1.3.1.0~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2870-kernel-desktop586-latest\", rpm:\"rt2870-kernel-desktop586-latest~1.3.1.0~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2870-kernel-desktop-latest\", rpm:\"rt2870-kernel-desktop-latest~1.3.1.0~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rt2870-kernel-server-latest\", rpm:\"rt2870-kernel-server-latest~1.3.1.0~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rtl8187se-kernel-2.6.27.10-desktop-1mnb\", rpm:\"rtl8187se-kernel-2.6.27.10-desktop-1mnb~1016.20080716~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rtl8187se-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"rtl8187se-kernel-2.6.27.10-desktop586-1mnb~1016.20080716~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rtl8187se-kernel-2.6.27.10-server-1mnb\", rpm:\"rtl8187se-kernel-2.6.27.10-server-1mnb~1016.20080716~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rtl8187se-kernel-desktop586-latest\", rpm:\"rtl8187se-kernel-desktop586-latest~1016.20080716~1.20090130.1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rtl8187se-kernel-desktop-latest\", rpm:\"rtl8187se-kernel-desktop-latest~1016.20080716~1.20090130.1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rtl8187se-kernel-server-latest\", rpm:\"rtl8187se-kernel-server-latest~1016.20080716~1.20090130.1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"slmodem-kernel-2.6.27.10-desktop-1mnb\", rpm:\"slmodem-kernel-2.6.27.10-desktop-1mnb~2.9.11~0.20080817.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"slmodem-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"slmodem-kernel-2.6.27.10-desktop586-1mnb~2.9.11~0.20080817.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"slmodem-kernel-2.6.27.10-server-1mnb\", rpm:\"slmodem-kernel-2.6.27.10-server-1mnb~2.9.11~0.20080817.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"slmodem-kernel-desktop586-latest\", rpm:\"slmodem-kernel-desktop586-latest~2.9.11~1.20090130.0.20080817.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"slmodem-kernel-desktop-latest\", rpm:\"slmodem-kernel-desktop-latest~2.9.11~1.20090130.0.20080817.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"slmodem-kernel-server-latest\", rpm:\"slmodem-kernel-server-latest~2.9.11~1.20090130.0.20080817.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squashfs-lzma-kernel-2.6.27.10-desktop-1mnb\", rpm:\"squashfs-lzma-kernel-2.6.27.10-desktop-1mnb~3.3~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squashfs-lzma-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"squashfs-lzma-kernel-2.6.27.10-desktop586-1mnb~3.3~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squashfs-lzma-kernel-2.6.27.10-server-1mnb\", rpm:\"squashfs-lzma-kernel-2.6.27.10-server-1mnb~3.3~5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squashfs-lzma-kernel-desktop586-latest\", rpm:\"squashfs-lzma-kernel-desktop586-latest~3.3~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squashfs-lzma-kernel-desktop-latest\", rpm:\"squashfs-lzma-kernel-desktop-latest~3.3~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"squashfs-lzma-kernel-server-latest\", rpm:\"squashfs-lzma-kernel-server-latest~3.3~1.20090130.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tp_smapi-kernel-2.6.27.10-desktop-1mnb\", rpm:\"tp_smapi-kernel-2.6.27.10-desktop-1mnb~0.37~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tp_smapi-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"tp_smapi-kernel-2.6.27.10-desktop586-1mnb~0.37~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tp_smapi-kernel-2.6.27.10-server-1mnb\", rpm:\"tp_smapi-kernel-2.6.27.10-server-1mnb~0.37~2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tp_smapi-kernel-desktop586-latest\", rpm:\"tp_smapi-kernel-desktop586-latest~0.37~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tp_smapi-kernel-desktop-latest\", rpm:\"tp_smapi-kernel-desktop-latest~0.37~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tp_smapi-kernel-server-latest\", rpm:\"tp_smapi-kernel-server-latest~0.37~1.20090130.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxadd-kernel-2.6.27.10-desktop-1mnb\", rpm:\"vboxadd-kernel-2.6.27.10-desktop-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxadd-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"vboxadd-kernel-2.6.27.10-desktop586-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxadd-kernel-2.6.27.10-server-1mnb\", rpm:\"vboxadd-kernel-2.6.27.10-server-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxadd-kernel-desktop586-latest\", rpm:\"vboxadd-kernel-desktop586-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxadd-kernel-desktop-latest\", rpm:\"vboxadd-kernel-desktop-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxadd-kernel-server-latest\", rpm:\"vboxadd-kernel-server-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxvfs-kernel-2.6.27.10-desktop-1mnb\", rpm:\"vboxvfs-kernel-2.6.27.10-desktop-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxvfs-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"vboxvfs-kernel-2.6.27.10-desktop586-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxvfs-kernel-2.6.27.10-server-1mnb\", rpm:\"vboxvfs-kernel-2.6.27.10-server-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxvfs-kernel-desktop586-latest\", rpm:\"vboxvfs-kernel-desktop586-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxvfs-kernel-desktop-latest\", rpm:\"vboxvfs-kernel-desktop-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vboxvfs-kernel-server-latest\", rpm:\"vboxvfs-kernel-server-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vhba-kernel-2.6.27.10-desktop-1mnb\", rpm:\"vhba-kernel-2.6.27.10-desktop-1mnb~1.0.0~1.svn304.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vhba-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"vhba-kernel-2.6.27.10-desktop586-1mnb~1.0.0~1.svn304.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vhba-kernel-2.6.27.10-server-1mnb\", rpm:\"vhba-kernel-2.6.27.10-server-1mnb~1.0.0~1.svn304.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vhba-kernel-desktop586-latest\", rpm:\"vhba-kernel-desktop586-latest~1.0.0~1.20090130.1.svn304.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vhba-kernel-desktop-latest\", rpm:\"vhba-kernel-desktop-latest~1.0.0~1.20090130.1.svn304.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vhba-kernel-server-latest\", rpm:\"vhba-kernel-server-latest~1.0.0~1.20090130.1.svn304.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-kernel-2.6.27.10-desktop-1mnb\", rpm:\"virtualbox-kernel-2.6.27.10-desktop-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"virtualbox-kernel-2.6.27.10-desktop586-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-kernel-2.6.27.10-server-1mnb\", rpm:\"virtualbox-kernel-2.6.27.10-server-1mnb~2.0.2~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-kernel-desktop586-latest\", rpm:\"virtualbox-kernel-desktop586-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-kernel-desktop-latest\", rpm:\"virtualbox-kernel-desktop-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-kernel-server-latest\", rpm:\"virtualbox-kernel-server-latest~2.0.2~1.20090130.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vpnclient-kernel-2.6.27.10-desktop-1mnb\", rpm:\"vpnclient-kernel-2.6.27.10-desktop-1mnb~4.8.01.0640~3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vpnclient-kernel-2.6.27.10-desktop586-1mnb\", rpm:\"vpnclient-kernel-2.6.27.10-desktop586-1mnb~4.8.01.0640~3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vpnclient-kernel-2.6.27.10-server-1mnb\", rpm:\"vpnclient-kernel-2.6.27.10-server-1mnb~4.8.01.0640~3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vpnclient-kernel-desktop586-latest\", rpm:\"vpnclient-kernel-desktop586-latest~4.8.01.0640~1.20090130.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vpnclient-kernel-desktop-latest\", rpm:\"vpnclient-kernel-desktop-latest~4.8.01.0640~1.20090130.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vpnclient-kernel-server-latest\", rpm:\"vpnclient-kernel-server-latest~4.8.01.0640~1.20090130.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia173-kernel-2.6.27.10-server-1mnb\", rpm:\"nvidia173-kernel-2.6.27.10-server-1mnb~173.14.12~4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nvidia173-kernel-server-latest\", rpm:\"nvidia173-kernel-server-latest~173.14.12~1.20090130.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:47", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-02-13T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2008-11593", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5182", "CVE-2008-5079", "CVE-2008-5300"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860465", "href": "http://plugins.openvas.org/nasl.php?oid=860465", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2008-11593\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kernel on Fedora 10\";\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\n Linux operating system. The kernel handles the basic functions\n of the operating system: memory allocation, process allocation, device\n input and output, etc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01326.html\");\n script_id(860465);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 10:35:30 +0100 (Fri, 13 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-11593\");\n script_cve_id(\"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\");\n script_name( \"Fedora Update for kernel FEDORA-2008-11593\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC10\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.27.9~159.fc10\", rls:\"FC10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:57", "description": "Oracle Linux Local Security Checks ELSA-2009-0225", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-0225", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5029", "CVE-2008-5182", "CVE-2008-5079", "CVE-2008-5300"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122525", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122525", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-0225.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122525\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:47:17 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-0225\");\n script_tag(name:\"insight\", value:\"ELSA-2009-0225 - Oracle Enterprise Linux 5.3 kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-0225\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-0225.html\");\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~128.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~128.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~128.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~128.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~128.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~128.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~128.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~128.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~128.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~128.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~128.el5~1.2.9~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~128.el5PAE~1.2.9~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~128.el5debug~1.2.9~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~128.el5xen~1.2.9~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~128.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~128.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~128.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~128.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:38:44", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0021.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update includes backported fixes for four security issues. These\nissues only affected users of Red Hat Enterprise Linux 5.2 Extended Update\nSupport as they have already been addressed for users of Red Hat Enterprise\nLinux 5 in the 5.3 update, RHSA-2009:0225.\n\nIn accordance with the support policy, future security updates to Red Hat\nEnterprise Linux 5.2 Extended Update Support will only include issues of\ncritical security impact.\n\n* when fput() was called to close a socket, the __scm_destroy() function\nin the Linux kernel could make indirect recursive calls to itself. This\ncould, potentially, lead to a denial of service issue. (CVE-2008-5029,\nImportant)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A\nlocal, unprivileged user could use the flaw to listen on the same socket\nmore than once, possibly causing a denial of service. (CVE-2008-5079,\nImportant)\n\n* a race condition was found in the Linux kernel inotify watch removal\nand umount implementation. This could allow a local, unprivileged user\nto cause a privilege escalation or a denial of service. (CVE-2008-5182,\nImportant)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. Note: for this update to take effect, the\nsystem must be rebooted.", "cvss3": {}, "published": "2009-03-02T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0021", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5029", "CVE-2008-5182", "CVE-2008-5079", "CVE-2008-5300"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063433", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063433", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0021.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0021 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0021.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update includes backported fixes for four security issues. These\nissues only affected users of Red Hat Enterprise Linux 5.2 Extended Update\nSupport as they have already been addressed for users of Red Hat Enterprise\nLinux 5 in the 5.3 update, RHSA-2009:0225.\n\nIn accordance with the support policy, future security updates to Red Hat\nEnterprise Linux 5.2 Extended Update Support will only include issues of\ncritical security impact.\n\n* when fput() was called to close a socket, the __scm_destroy() function\nin the Linux kernel could make indirect recursive calls to itself. This\ncould, potentially, lead to a denial of service issue. (CVE-2008-5029,\nImportant)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A\nlocal, unprivileged user could use the flaw to listen on the same socket\nmore than once, possibly causing a denial of service. (CVE-2008-5079,\nImportant)\n\n* a race condition was found in the Linux kernel inotify watch removal\nand umount implementation. This could allow a local, unprivileged user\nto cause a privilege escalation or a denial of service. (CVE-2008-5182,\nImportant)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. Note: for this update to take effect, the\nsystem must be rebooted.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63433\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0021\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0021.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-debuginfo\", rpm:\"kernel-kdump-debuginfo~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-devel\", rpm:\"kernel-kdump-devel~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:10", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0021.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update includes backported fixes for four security issues. These\nissues only affected users of Red Hat Enterprise Linux 5.2 Extended Update\nSupport as they have already been addressed for users of Red Hat Enterprise\nLinux 5 in the 5.3 update, RHSA-2009:0225.\n\nIn accordance with the support policy, future security updates to Red Hat\nEnterprise Linux 5.2 Extended Update Support will only include issues of\ncritical security impact.\n\n* when fput() was called to close a socket, the __scm_destroy() function\nin the Linux kernel could make indirect recursive calls to itself. This\ncould, potentially, lead to a denial of service issue. (CVE-2008-5029,\nImportant)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A\nlocal, unprivileged user could use the flaw to listen on the same socket\nmore than once, possibly causing a denial of service. (CVE-2008-5079,\nImportant)\n\n* a race condition was found in the Linux kernel inotify watch removal\nand umount implementation. This could allow a local, unprivileged user\nto cause a privilege escalation or a denial of service. (CVE-2008-5182,\nImportant)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. Note: for this update to take effect, the\nsystem must be rebooted.", "cvss3": {}, "published": "2009-03-02T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0021", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5029", "CVE-2008-5182", "CVE-2008-5079", "CVE-2008-5300"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63433", "href": "http://plugins.openvas.org/nasl.php?oid=63433", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0021.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0021 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0021.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update includes backported fixes for four security issues. These\nissues only affected users of Red Hat Enterprise Linux 5.2 Extended Update\nSupport as they have already been addressed for users of Red Hat Enterprise\nLinux 5 in the 5.3 update, RHSA-2009:0225.\n\nIn accordance with the support policy, future security updates to Red Hat\nEnterprise Linux 5.2 Extended Update Support will only include issues of\ncritical security impact.\n\n* when fput() was called to close a socket, the __scm_destroy() function\nin the Linux kernel could make indirect recursive calls to itself. This\ncould, potentially, lead to a denial of service issue. (CVE-2008-5029,\nImportant)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A\nlocal, unprivileged user could use the flaw to listen on the same socket\nmore than once, possibly causing a denial of service. (CVE-2008-5079,\nImportant)\n\n* a race condition was found in the Linux kernel inotify watch removal\nand umount implementation. This could allow a local, unprivileged user\nto cause a privilege escalation or a denial of service. (CVE-2008-5182,\nImportant)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. Note: for this update to take effect, the\nsystem must be rebooted.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63433);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0021\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0021.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-debuginfo\", rpm:\"kernel-kdump-debuginfo~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-devel\", rpm:\"kernel-kdump-devel~2.6.18~92.1.24.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:06", "description": "The remote host is missing kernel updates announced in\nadvisory RHSA-2009:0053.\n\nThese updated packages address the following security issues:\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A\nlocal, unprivileged user could use the flaw to listen on the same socket\nmore than once, possibly causing a denial of service. (CVE-2008-5079,\nImportant)\n\n* a buffer overflow flaw was found in the libertas driver. This could,\npotentially, lead to a remote denial of service when an invalid beacon or\nprobe response was received. (CVE-2008-5134, Important)\n\n* a race condition was found in the Linux kernel inotify watch removal\nand umount implementation. This could allow a local, unprivileged user\nto cause a privilege escalation or a denial of service. (CVE-2008-5182,\nImportant)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* a buffer overflow was found in the Linux kernel Partial Reliable Stream\nControl Transmission Protocol (PR-SCTP) implementation. This could,\npotentially, lead to a denial of service if a Forward-TSN chunk is received\nwith a large stream ID. (CVE-2009-0065, Important)\n\n* a deficiency was found in the libATA implementation. This could,\npotentially, lead to a denial of service. By default, the /dev/sg*\ndevices are accessible only to the root user. (CVE-2008-5700, Low)\n\nFor further details on other bugs fixed, please visit the referenced\nsecurity advisories.\n\nAll Red Hat Enterprise MRG users should install this update which addresses\nthese vulnerabilities and fixes these bugs. For this update to take effect,\nthe system must be rebooted.", "cvss3": {}, "published": "2009-02-10T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0053", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5700", "CVE-2008-5134", "CVE-2008-5182", "CVE-2008-5079", "CVE-2009-0065", "CVE-2008-5300"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63317", "href": "http://plugins.openvas.org/nasl.php?oid=63317", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0053.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0053 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing kernel updates announced in\nadvisory RHSA-2009:0053.\n\nThese updated packages address the following security issues:\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A\nlocal, unprivileged user could use the flaw to listen on the same socket\nmore than once, possibly causing a denial of service. (CVE-2008-5079,\nImportant)\n\n* a buffer overflow flaw was found in the libertas driver. This could,\npotentially, lead to a remote denial of service when an invalid beacon or\nprobe response was received. (CVE-2008-5134, Important)\n\n* a race condition was found in the Linux kernel inotify watch removal\nand umount implementation. This could allow a local, unprivileged user\nto cause a privilege escalation or a denial of service. (CVE-2008-5182,\nImportant)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* a buffer overflow was found in the Linux kernel Partial Reliable Stream\nControl Transmission Protocol (PR-SCTP) implementation. This could,\npotentially, lead to a denial of service if a Forward-TSN chunk is received\nwith a large stream ID. (CVE-2009-0065, Important)\n\n* a deficiency was found in the libATA implementation. This could,\npotentially, lead to a denial of service. By default, the /dev/sg*\ndevices are accessible only to the root user. (CVE-2008-5700, Low)\n\nFor further details on other bugs fixed, please visit the referenced\nsecurity advisories.\n\nAll Red Hat Enterprise MRG users should install this update which addresses\nthese vulnerabilities and fixes these bugs. For this update to take effect,\nthe system must be rebooted.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63317);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-10 15:52:40 +0100 (Tue, 10 Feb 2009)\");\n script_cve_id(\"CVE-2008-5079\", \"CVE-2008-5134\", \"CVE-2008-5182\", \"CVE-2008-5300\", \"CVE-2008-5700\", \"CVE-2009-0065\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0053\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0053.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1.1/html/MRG_Release_Notes/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-rt\", rpm:\"kernel-rt~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug\", rpm:\"kernel-rt-debug~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug-debuginfo\", rpm:\"kernel-rt-debug-debuginfo~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug-devel\", rpm:\"kernel-rt-debug-devel~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debuginfo\", rpm:\"kernel-rt-debuginfo~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debuginfo-common\", rpm:\"kernel-rt-debuginfo-common~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-devel\", rpm:\"kernel-rt-devel~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace\", rpm:\"kernel-rt-trace~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace-debuginfo\", rpm:\"kernel-rt-trace-debuginfo~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace-devel\", rpm:\"kernel-rt-trace-devel~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla\", rpm:\"kernel-rt-vanilla~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla-debuginfo\", rpm:\"kernel-rt-vanilla-debuginfo~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla-devel\", rpm:\"kernel-rt-vanilla-devel~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-doc\", rpm:\"kernel-rt-doc~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:45", "description": "The remote host is missing an update to linux\nannounced via advisory USN-715-1.\n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. If\nyou use linux-restricted-modules, you have to update that package as\nwell to get modules which work with the new kernel version. Unless you\nmanually uninstalled the standard kernel metapackages (e.g. linux-generic,\nlinux-server, linux-powerpc), a standard system upgrade will automatically\nperform this as well.", "cvss3": {}, "published": "2009-02-02T00:00:00", "type": "openvas", "title": "Ubuntu USN-715-1 (linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2008-5395", "CVE-2008-5700", "CVE-2008-5182", "CVE-2008-5079", "CVE-2008-5300"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63309", "href": "http://plugins.openvas.org/nasl.php?oid=63309", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_715_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_715_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-715-1 (linux)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.10:\n linux-image-2.6.27-11-generic 2.6.27-11.27\n linux-image-2.6.27-11-server 2.6.27-11.27\n linux-image-2.6.27-11-virtual 2.6.27-11.27\n\nAfter a standard system upgrade you need to reboot your computer to\neffect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-715-1\";\n\ntag_insight = \"Hugo Dias discovered that the ATM subsystem did not correctly manage\nsocket counts. A local attacker could exploit this to cause a system hang,\nleading to a denial of service. (CVE-2008-5079)\n\nIt was discovered that the inotify subsystem contained watch removal\nrace conditions. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2008-5182)\n\nDann Frazier discovered that in certain situations sendmsg did not\ncorrectly release allocated memory. A local attacker could exploit\nthis to force the system to run out of free memory, leading to a denial\nof service. (CVE-2008-5300)\n\nHelge Deller discovered that PA-RISC stack unwinding was not handled\ncorrectly. A local attacker could exploit this to crash the system,\nleading do a denial of service. This did not affect official Ubuntu\nkernels, but was fixed in the source for anyone performing HPPA kernel\nbuilds. (CVE-2008-5395)\n\nIt was discovered that the ATA subsystem did not correctly set timeouts. A\nlocal attacker could exploit this to cause a system hang, leading to a\ndenial of service. (CVE-2008-5700)\n\nIt was discovered that the ib700 watchdog timer did not correctly check\nbuffer sizes. A local attacker could send a specially crafted ioctl\nto the device to cause a system crash, leading to a denial of service.\n(CVE-2008-5702)\";\ntag_summary = \"The remote host is missing an update to linux\nannounced via advisory USN-715-1.\n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. If\nyou use linux-restricted-modules, you have to update that package as\nwell to get modules which work with the new kernel version. Unless you\nmanually uninstalled the standard kernel metapackages (e.g. linux-generic,\nlinux-server, linux-powerpc), a standard system upgrade will automatically\nperform this as well.\";\n\n \n\n\nif(description)\n{\n script_id(63309);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-02 23:28:24 +0100 (Mon, 02 Feb 2009)\");\n script_cve_id(\"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\", \"CVE-2008-5395\", \"CVE-2008-5700\", \"CVE-2008-5702\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-715-1 (linux)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-715-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.27\", ver:\"2.6.27-11.27\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.27-11\", ver:\"2.6.27-11.27\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.27\", ver:\"2.6.27-11.27\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.27-11-generic\", ver:\"2.6.27-11.27\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.27-11-server\", ver:\"2.6.27-11.27\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.27-11-generic\", ver:\"2.6.27-11.27\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.27-11-server\", ver:\"2.6.27-11.27\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.27-11-virtual\", ver:\"2.6.27-11.27\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.27-11.27\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:32", "description": "The remote host is missing kernel updates announced in\nadvisory RHSA-2009:0053.\n\nThese updated packages address the following security issues:\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A\nlocal, unprivileged user could use the flaw to listen on the same socket\nmore than once, possibly causing a denial of service. (CVE-2008-5079,\nImportant)\n\n* a buffer overflow flaw was found in the libertas driver. This could,\npotentially, lead to a remote denial of service when an invalid beacon or\nprobe response was received. (CVE-2008-5134, Important)\n\n* a race condition was found in the Linux kernel inotify watch removal\nand umount implementation. This could allow a local, unprivileged user\nto cause a privilege escalation or a denial of service. (CVE-2008-5182,\nImportant)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* a buffer overflow was found in the Linux kernel Partial Reliable Stream\nControl Transmission Protocol (PR-SCTP) implementation. This could,\npotentially, lead to a denial of service if a Forward-TSN chunk is received\nwith a large stream ID. (CVE-2009-0065, Important)\n\n* a deficiency was found in the libATA implementation. This could,\npotentially, lead to a denial of service. By default, the /dev/sg*\ndevices are accessible only to the root user. (CVE-2008-5700, Low)\n\nFor further details on other bugs fixed, please visit the referenced\nsecurity advisories.\n\nAll Red Hat Enterprise MRG users should install this update which addresses\nthese vulnerabilities and fixes these bugs. For this update to take effect,\nthe system must be rebooted.", "cvss3": {}, "published": "2009-02-10T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0053", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5700", "CVE-2008-5134", "CVE-2008-5182", "CVE-2008-5079", "CVE-2009-0065", "CVE-2008-5300"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063317", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063317", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0053.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0053 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing kernel updates announced in\nadvisory RHSA-2009:0053.\n\nThese updated packages address the following security issues:\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A\nlocal, unprivileged user could use the flaw to listen on the same socket\nmore than once, possibly causing a denial of service. (CVE-2008-5079,\nImportant)\n\n* a buffer overflow flaw was found in the libertas driver. This could,\npotentially, lead to a remote denial of service when an invalid beacon or\nprobe response was received. (CVE-2008-5134, Important)\n\n* a race condition was found in the Linux kernel inotify watch removal\nand umount implementation. This could allow a local, unprivileged user\nto cause a privilege escalation or a denial of service. (CVE-2008-5182,\nImportant)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* a buffer overflow was found in the Linux kernel Partial Reliable Stream\nControl Transmission Protocol (PR-SCTP) implementation. This could,\npotentially, lead to a denial of service if a Forward-TSN chunk is received\nwith a large stream ID. (CVE-2009-0065, Important)\n\n* a deficiency was found in the libATA implementation. This could,\npotentially, lead to a denial of service. By default, the /dev/sg*\ndevices are accessible only to the root user. (CVE-2008-5700, Low)\n\nFor further details on other bugs fixed, please visit the referenced\nsecurity advisories.\n\nAll Red Hat Enterprise MRG users should install this update which addresses\nthese vulnerabilities and fixes these bugs. For this update to take effect,\nthe system must be rebooted.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63317\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-10 15:52:40 +0100 (Tue, 10 Feb 2009)\");\n script_cve_id(\"CVE-2008-5079\", \"CVE-2008-5134\", \"CVE-2008-5182\", \"CVE-2008-5300\", \"CVE-2008-5700\", \"CVE-2009-0065\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0053\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0053.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1.1/html/MRG_Release_Notes/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-rt\", rpm:\"kernel-rt~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug\", rpm:\"kernel-rt-debug~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug-debuginfo\", rpm:\"kernel-rt-debug-debuginfo~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug-devel\", rpm:\"kernel-rt-debug-devel~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debuginfo\", rpm:\"kernel-rt-debuginfo~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debuginfo-common\", rpm:\"kernel-rt-debuginfo-common~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-devel\", rpm:\"kernel-rt-devel~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace\", rpm:\"kernel-rt-trace~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace-debuginfo\", rpm:\"kernel-rt-trace-debuginfo~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace-devel\", rpm:\"kernel-rt-trace-devel~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla\", rpm:\"kernel-rt-vanilla~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla-debuginfo\", rpm:\"kernel-rt-vanilla-debuginfo~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla-devel\", rpm:\"kernel-rt-vanilla-devel~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-doc\", rpm:\"kernel-rt-doc~2.6.24.7~101.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:46", "description": "The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:0014. For details, please visit the referenced\nsecurity advisories.\n\nAll Red Hat Enterprise Linux 4 users should upgrade to these updated\npackages, which contain backported patches to resolve these issues.", "cvss3": {}, "published": "2009-01-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0014", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2008-5029", "CVE-2008-5025", "CVE-2008-5300", "CVE-2008-4933", "CVE-2008-3275", "CVE-2008-4934"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063191", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063191", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0014.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0014 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:0014. For details, please visit the referenced\nsecurity advisories.\n\nAll Red Hat Enterprise Linux 4 users should upgrade to these updated\npackages, which contain backported patches to resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63191\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2008-3275\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2008-5702\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0014\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0014.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:52", "description": "The remote host is missing updates to kernel announced in\nadvisory CESA-2009:0014.", "cvss3": {}, "published": "2009-01-20T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0014 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2008-5029", "CVE-2008-5025", "CVE-2008-5300", "CVE-2008-4933", "CVE-2008-3275", "CVE-2008-4934"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063245", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063245", "sourceData": "#CESA-2009:0014 63245 2\n# $Id: ovcesa2009_0014.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0014 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0014\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0014\nhttps://rhn.redhat.com/errata/RHSA-2009-0014.html\";\ntag_summary = \"The remote host is missing updates to kernel announced in\nadvisory CESA-2009:0014.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63245\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2008-3275\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2008-5702\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0014 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:57", "description": "The remote host is missing updates to kernel announced in\nadvisory CESA-2009:0014.", "cvss3": {}, "published": "2009-01-20T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0014 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2008-5029", "CVE-2008-5025", "CVE-2008-5300", "CVE-2008-4933", "CVE-2008-3275", "CVE-2008-4934"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63245", "href": "http://plugins.openvas.org/nasl.php?oid=63245", "sourceData": "#CESA-2009:0014 63245 2\n# $Id: ovcesa2009_0014.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0014 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0014\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0014\nhttps://rhn.redhat.com/errata/RHSA-2009-0014.html\";\ntag_summary = \"The remote host is missing updates to kernel announced in\nadvisory CESA-2009:0014.\";\n\n\n\nif(description)\n{\n script_id(63245);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2008-3275\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2008-5702\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0014 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:32", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2009:0014 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2008-5029", "CVE-2008-5025", "CVE-2008-5300", "CVE-2008-4933", "CVE-2008-3275", "CVE-2008-4934"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880928", "href": "http://plugins.openvas.org/nasl.php?oid=880928", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2009:0014 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update addresses the following security issues:\n \n * the sendmsg() function in the Linux kernel did not block during UNIX\n socket garbage collection. This could, potentially, lead to a local denial\n of service. (CVE-2008-5300, Important)\n \n * when fput() was called to close a socket, the __scm_destroy() function in\n the Linux kernel could make indirect recursive calls to itself. This could,\n potentially, lead to a local denial of service. (CVE-2008-5029, Important)\n \n * a deficiency was found in the Linux kernel virtual file system (VFS)\n implementation. This could allow a local, unprivileged user to make a\n series of file creations within deleted directories, possibly causing a\n denial of service. (CVE-2008-3275, Moderate)\n \n * a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog\n timer driver. This deficiency could lead to a possible information leak. By\n default, the &quot;/dev/watchdog&quot; device is accessible only to the root user.\n (CVE-2008-5702, Low)\n \n * the hfs and hfsplus file systems code failed to properly handle corrupted\n data structures. This could, potentially, lead to a local denial of\n service. (CVE-2008-4933, CVE-2008-5025, Low)\n \n * a flaw was found in the hfsplus file system implementation. This could,\n potentially, lead to a local denial of service when write operations were\n performed. (CVE-2008-4934, Low)\n \n This update also fixes the following bugs:\n \n * when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running\n Intel\u00ae CPUs, the cpuspeed daemon did not run, preventing the CPU speed from\n being changed, such as not being reduced to an idle state when not in use.\n \n * mmap() could be used to gain access to beyond the first megabyte of RAM,\n due to insufficient checks in the Linux kernel code. Checks have been added\n to prevent this.\n \n * attempting to turn keyboard LEDs on and off rapidly on keyboards with\n slow keyboard controllers, may have caused key presses to fail.\n \n * after migrating a hypervisor guest, the MAC address table was not\n updated, causing packet loss and preventing network connections to the\n guest. Now, a gratuitous ARP request is sent after migration. This\n refreshes the ARP caches, minimizing network downtime.\n \n * writing crash dumps with diskdump may have caused a kernel panic on\n Non-Uniform Memory Access (NUMA) systems with certain memory\n configurations.\n \n * on big-endian systems, such as PowerPC, the getsockopt() function\n incorrectly returned 0 depending on ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kernel on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-January/015556.html\");\n script_id(880928);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2009:0014\");\n script_cve_id(\"CVE-2008-3275\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \n \"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2008-5702\");\n script_name(\"CentOS Update for kernel CESA-2009:0014 centos4 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:57", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-02-13T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2008-11618", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3528", "CVE-2008-3525", "CVE-2008-3831", "CVE-2008-5182", "CVE-2008-5079", "CVE-2008-5300", "CVE-2008-2750"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860598", "href": "http://plugins.openvas.org/nasl.php?oid=860598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2008-11618\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kernel on Fedora 9\";\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\n Linux operating system. The kernel handles the basic functions\n of the operating system: memory allocation, process allocation, device\n input and output, etc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01358.html\");\n script_id(860598);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 10:35:30 +0100 (Fri, 13 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-11618\");\n script_cve_id(\"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\", \"CVE-2008-3528\", \"CVE-2008-3525\", \"CVE-2008-3831\", \"CVE-2008-2750\");\n script_name( \"Fedora Update for kernel FEDORA-2008-11618\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.27.9~73.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:10", "description": "The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:0014. For details, please visit the referenced\nsecurity advisories.\n\nAll Red Hat Enterprise Linux 4 users should upgrade to these updated\npackages, which contain backported patches to resolve these issues.", "cvss3": {}, "published": "2009-01-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0014", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2008-5029", "CVE-2008-5025", "CVE-2008-5300", "CVE-2008-4933", "CVE-2008-3275", "CVE-2008-4934"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63191", "href": "http://plugins.openvas.org/nasl.php?oid=63191", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0014.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0014 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:0014. For details, please visit the referenced\nsecurity advisories.\n\nAll Red Hat Enterprise Linux 4 users should upgrade to these updated\npackages, which contain backported patches to resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63191);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2008-3275\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2008-5702\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0014\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0014.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~78.0.13.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2009:0014 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2008-5029", "CVE-2008-5025", "CVE-2008-5300", "CVE-2008-4933", "CVE-2008-3275", "CVE-2008-4934"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880928", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880928", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2009:0014 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-January/015556.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880928\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2009:0014\");\n script_cve_id(\"CVE-2008-3275\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\",\n \"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2008-5702\");\n script_name(\"CentOS Update for kernel CESA-2009:0014 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 4\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update addresses the following security issues:\n\n * the sendmsg() function in the Linux kernel did not block during UNIX\n socket garbage collection. This could, potentially, lead to a local denial\n of service. (CVE-2008-5300, Important)\n\n * when fput() was called to close a socket, the __scm_destroy() function in\n the Linux kernel could make indirect recursive calls to itself. This could,\n potentially, lead to a local denial of service. (CVE-2008-5029, Important)\n\n * a deficiency was found in the Linux kernel virtual file system (VFS)\n implementation. This could allow a local, unprivileged user to make a\n series of file creations within deleted directories, possibly causing a\n denial of service. (CVE-2008-3275, Moderate)\n\n * a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog\n timer driver. This deficiency could lead to a possible information leak. By\n default, the '/dev/watchdog' device is accessible only to the root user.\n (CVE-2008-5702, Low)\n\n * the hfs and hfsplus file systems code failed to properly handle corrupted\n data structures. This could, potentially, lead to a local denial of\n service. (CVE-2008-4933, CVE-2008-5025, Low)\n\n * a flaw was found in the hfsplus file system implementation. This could,\n potentially, lead to a local denial of service when write operations were\n performed. (CVE-2008-4934, Low)\n\n This update also fixes the following bugs:\n\n * when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running\n Intel\u00ae CPUs, the cpuspeed daemon did not run, preventing the CPU speed from\n being changed, such as not being reduced to an idle state when not in use.\n\n * mmap() could be used to gain access to beyond the first megabyte of RAM,\n due to insufficient checks in the Linux kernel code. Checks have been added\n to prevent this.\n\n * attempting to turn keyboard LEDs on and off rapidly on keyboards with\n slow keyboard controllers, may have caused key presses to fail.\n\n * after migrating a hypervisor guest, the MAC address table was not\n updated, causing packet loss and preventing network connections to the\n guest. Now, a gratuitous ARP request is sent after migration. This\n refreshes the ARP caches, minimizing network downtime.\n\n * writing crash dumps with diskdump may have caused a kernel panic on\n Non-Uniform Memory Access (NUMA) systems with certain memory\n configurations.\n\n * on big-endian systems, such as PowerPC, the getsockopt() function\n incorrectly returned 0 depending on ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~78.0.13.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-27T10:56:40", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1550.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1550", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-1385", "CVE-2008-5029", "CVE-2009-3001", "CVE-2009-3547", "CVE-2008-5300", "CVE-2009-3002", "CVE-2009-1337", "CVE-2009-2848"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:66178", "href": "http://plugins.openvas.org/nasl.php?oid=66178", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1550.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1550 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1550.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66178);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1895\", \"CVE-2009-2848\", \"CVE-2009-3002\", \"CVE-2009-3547\", \"CVE-2009-3001\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1550\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1550.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://kbase.redhat.com/faq/docs/DOC-17866\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-BOOT\", rpm:\"kernel-BOOT~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-unsupported\", rpm:\"kernel-hugemem-unsupported~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-unsupported\", rpm:\"kernel-smp-unsupported~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-unsupported\", rpm:\"kernel-unsupported~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2009:1550 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-1385", "CVE-2008-5029", "CVE-2009-3001", "CVE-2009-3547", "CVE-2008-5300", "CVE-2009-3002", "CVE-2009-1337", "CVE-2009-2848"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880838", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880838", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2009:1550 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-November/016300.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880838\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1550\");\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1895\", \"CVE-2009-2848\", \"CVE-2009-3002\", \"CVE-2009-3547\", \"CVE-2009-3001\");\n script_name(\"CentOS Update for kernel CESA-2009:1550 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 3\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n\n * when fput() was called to close a socket, the __scm_destroy() function in\n the Linux kernel could make indirect recursive calls to itself. This could,\n potentially, lead to a denial of service issue. (CVE-2008-5029, Important)\n\n * the sendmsg() function in the Linux kernel did not block during UNIX\n socket garbage collection. This could, potentially, lead to a local denial\n of service. (CVE-2008-5300, Important)\n\n * the exit_notify() function in the Linux kernel did not properly reset the\n exit signal if a process executed a set user ID (setuid) application before\n exiting. This could allow a local, unprivileged user to elevate their\n privileges. (CVE-2009-1337, Important)\n\n * a flaw was found in the Intel PRO/1000 network driver in the Linux\n kernel. Frames with sizes near the MTU of an interface may be split across\n multiple hardware receive descriptors. Receipt of such a frame could leak\n through a validation check, leading to a corruption of the length check. A\n remote attacker could use this flaw to send a specially-crafted packet that\n would cause a denial of service or code execution. (CVE-2009-1385,\n Important)\n\n * the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a\n setuid or setgid program was executed. A local, unprivileged user could use\n this flaw to bypass the mmap_min_addr protection mechanism and perform a\n NULL pointer dereference attack, or bypass the Address Space Layout\n Randomization (ASLR) security feature. (CVE-2009-1895, Important)\n\n * it was discovered that, when executing a new process, the clear_child_tid\n pointer in the Linux kernel is not cleared. If this pointer points to a\n writable portion of the memory of the new program, the kernel could corrupt\n four bytes of memory, possibly leading to a local denial of service or\n privilege escalation. (CVE-2009-2848, Important)\n\n * missing initialization flaws were found in getname() implementations in\n the IrDA sockets, AppleTalk DDP protocol, NET/ROM protocol, and ROSE\n protocol implementations in the Linux kernel. Certain data structures in\n these getname() implementations were not initialized properly before being\n copied to user-space. These flaws could lead to an information leak.\n (CVE-2009-3002, Important)\n\n * a NULL pointer dereference flaw was found in each of the following\n functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\n pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\n be release ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-BOOT\", rpm:\"kernel-BOOT~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem-unsupported\", rpm:\"kernel-hugemem-unsupported~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-unsupported\", rpm:\"kernel-smp-unsupported~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-unsupported\", rpm:\"kernel-unsupported~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2018-04-06T11:40:02", "description": "The remote host is missing updates to kernel announced in\nadvisory CESA-2009:1550.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1550 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-1385", "CVE-2008-5029", "CVE-2009-3001", "CVE-2009-3547", "CVE-2008-5300", "CVE-2009-3002", "CVE-2009-1337", "CVE-2009-2848"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066217", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066217", "sourceData": "#CESA-2009:1550 66217 2\n# $Id: ovcesa2009_1550.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1550 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1550\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1550\nhttps://rhn.redhat.com/errata/RHSA-2009-1550.html\";\ntag_summary = \"The remote host is missing updates to kernel announced in\nadvisory CESA-2009:1550.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66217\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1895\", \"CVE-2009-2848\", \"CVE-2009-3002\", \"CVE-2009-3547\", \"CVE-2009-3001\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1550 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-BOOT\", rpm:\"kernel-BOOT~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-unsupported\", rpm:\"kernel-hugemem-unsupported~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-unsupported\", rpm:\"kernel-smp-unsupported~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-unsupported\", rpm:\"kernel-unsupported~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:11", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1550.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1550", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-1385", "CVE-2008-5029", "CVE-2009-3001", "CVE-2009-3547", "CVE-2008-5300", "CVE-2009-3002", "CVE-2009-1337", "CVE-2009-2848"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066178", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066178", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1550.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1550 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1550.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66178\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1895\", \"CVE-2009-2848\", \"CVE-2009-3002\", \"CVE-2009-3547\", \"CVE-2009-3001\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1550\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1550.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://kbase.redhat.com/faq/docs/DOC-17866\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-BOOT\", rpm:\"kernel-BOOT~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-unsupported\", rpm:\"kernel-hugemem-unsupported~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-unsupported\", rpm:\"kernel-smp-unsupported~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-unsupported\", rpm:\"kernel-unsupported~2.4.21~63.EL\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:21", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2009:1550 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-1385", "CVE-2008-5029", "CVE-2009-3001", "CVE-2009-3547", "CVE-2008-5300", "CVE-2009-3002", "CVE-2009-1337", "CVE-2009-2848"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880838", "href": "http://plugins.openvas.org/nasl.php?oid=880838", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2009:1550 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n \n * when fput() was called to close a socket, the __scm_destroy() function in\n the Linux kernel could make indirect recursive calls to itself. This could,\n potentially, lead to a denial of service issue. (CVE-2008-5029, Important)\n \n * the sendmsg() function in the Linux kernel did not block during UNIX\n socket garbage collection. This could, potentially, lead to a local denial\n of service. (CVE-2008-5300, Important)\n \n * the exit_notify() function in the Linux kernel did not properly reset the\n exit signal if a process executed a set user ID (setuid) application before\n exiting. This could allow a local, unprivileged user to elevate their\n privileges. (CVE-2009-1337, Important)\n \n * a flaw was found in the Intel PRO/1000 network driver in the Linux\n kernel. Frames with sizes near the MTU of an interface may be split across\n multiple hardware receive descriptors. Receipt of such a frame could leak\n through a validation check, leading to a corruption of the length check. A\n remote attacker could use this flaw to send a specially-crafted packet that\n would cause a denial of service or code execution. (CVE-2009-1385,\n Important)\n \n * the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a\n setuid or setgid program was executed. A local, unprivileged user could use\n this flaw to bypass the mmap_min_addr protection mechanism and perform a\n NULL pointer dereference attack, or bypass the Address Space Layout\n Randomization (ASLR) security feature. (CVE-2009-1895, Important)\n \n * it was discovered that, when executing a new process, the clear_child_tid\n pointer in the Linux kernel is not cleared. If this pointer points to a\n writable portion of the memory of the new program, the kernel could corrupt\n four bytes of memory, possibly leading to a local denial of service or\n privilege escalation. (CVE-2009-2848, Important)\n \n * missing initialization flaws were found in getname() implementations in\n the IrDA sockets, AppleTalk DDP protocol, NET/ROM protocol, and ROSE\n protocol implementations in the Linux kernel. Certain data structures in\n these getname() implementations were not initialized properly before being\n copied to user-space. These flaws could lead to an information leak.\n (CVE-2009-3002, Important)\n \n * a NULL pointer dereference flaw was found in each of the following\n functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\n pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\n be release ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kernel on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-November/016300.html\");\n script_id(880838);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1550\");\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1895\", \"CVE-2009-2848\", \"CVE-2009-3002\", \"CVE-2009-3547\", \"CVE-2009-3001\");\n script_name(\"CentOS Update for kernel CESA-2009:1550 centos3 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-BOOT\", rpm:\"kernel-BOOT~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem-unsupported\", rpm:\"kernel-hugemem-unsupported~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-unsupported\", rpm:\"kernel-smp-unsupported~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-unsupported\", rpm:\"kernel-unsupported~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:01", "description": "The remote host is missing updates to kernel announced in\nadvisory CESA-2009:1550.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1550 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-1385", "CVE-2008-5029", "CVE-2009-3001", "CVE-2009-3547", "CVE-2008-5300", "CVE-2009-3002", "CVE-2009-1337", "CVE-2009-2848"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66217", "href": "http://plugins.openvas.org/nasl.php?oid=66217", "sourceData": "#CESA-2009:1550 66217 2\n# $Id: ovcesa2009_1550.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1550 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1550\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1550\nhttps://rhn.redhat.com/errata/RHSA-2009-1550.html\";\ntag_summary = \"The remote host is missing updates to kernel announced in\nadvisory CESA-2009:1550.\";\n\n\n\nif(description)\n{\n script_id(66217);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1895\", \"CVE-2009-2848\", \"CVE-2009-3002\", \"CVE-2009-3547\", \"CVE-2009-3001\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1550 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-BOOT\", rpm:\"kernel-BOOT~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-unsupported\", rpm:\"kernel-hugemem-unsupported~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-unsupported\", rpm:\"kernel-smp-unsupported~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-unsupported\", rpm:\"kernel-unsupported~2.4.21~63.EL\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:42", "description": "The remote host is missing updates to the kernel announced in\nadvisory SUSE-SA:2009:003.", "cvss3": {}, "published": "2009-01-20T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:003 (kernel-debug)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2008-4554", "CVE-2008-5700", "CVE-2008-5029", "CVE-2008-3831", "CVE-2008-5182", "CVE-2008-5079", "CVE-2008-5025", "CVE-2008-5300", "CVE-2008-4933"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063224", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063224", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_003.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:003 (kernel-debug)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update fixes various security issues and several bugs in the\nopenSUSE 11.0 kernel.\n\nThe kernel was also updated to the stable version 2.6.25.20,\nincluding its bugfixes.\n\nFor details on the security issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:003\";\ntag_summary = \"The remote host is missing updates to the kernel announced in\nadvisory SUSE-SA:2009:003.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63224\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2008-3831\", \"CVE-2008-4554\", \"CVE-2008-4933\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\", \"CVE-2008-5700\", \"CVE-2008-5702\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:003 (kernel-debug)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt\", rpm:\"kernel-rt~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt_debug\", rpm:\"kernel-rt_debug~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64\", rpm:\"kernel-ppc64~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ps3\", rpm:\"kernel-ps3~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:21", "description": "The remote host is missing updates to the kernel announced in\nadvisory SUSE-SA:2009:003.", "cvss3": {}, "published": "2009-01-20T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:003 (kernel-debug)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2008-4554", "CVE-2008-5700", "CVE-2008-5029", "CVE-2008-3831", "CVE-2008-5182", "CVE-2008-5079", "CVE-2008-5025", "CVE-2008-5300", "CVE-2008-4933"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:63224", "href": "http://plugins.openvas.org/nasl.php?oid=63224", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_003.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:003 (kernel-debug)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update fixes various security issues and several bugs in the\nopenSUSE 11.0 kernel.\n\nThe kernel was also updated to the stable version 2.6.25.20,\nincluding its bugfixes.\n\nFor details on the security issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:003\";\ntag_summary = \"The remote host is missing updates to the kernel announced in\nadvisory SUSE-SA:2009:003.\";\n\n \n\nif(description)\n{\n script_id(63224);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2008-3831\", \"CVE-2008-4554\", \"CVE-2008-4933\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\", \"CVE-2008-5700\", \"CVE-2008-5702\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:003 (kernel-debug)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt\", rpm:\"kernel-rt~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt_debug\", rpm:\"kernel-rt_debug~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64\", rpm:\"kernel-ppc64~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ps3\", rpm:\"kernel-ps3~2.6.25.20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:23", "description": "The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1687-1.", "cvss3": {}, "published": "2008-12-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1687-1 (linux-2.6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4554", "CVE-2008-3528", "CVE-2008-5029", "CVE-2008-3527", "CVE-2008-5079", "CVE-2008-5025", "CVE-2008-4576", "CVE-2008-5300", "CVE-2008-4933", "CVE-2008-4934"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:62957", "href": "http://plugins.openvas.org/nasl.php?oid=62957", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1687_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1687-1 (linux-2.6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. For details,\nplease visit the referenced security advisories.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.6.18.dfsg.1-23etch1.\n\nWe recommend that you upgrade your linux-2.6, fai-kernels, and\";\ntag_summary = \"The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1687-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201687-1\";\n\n\nif(description)\n{\n script_id(62957);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-23 18:28:16 +0100 (Tue, 23 Dec 2008)\");\n script_cve_id(\"CVE-2008-3527\", \"CVE-2008-3528\", \"CVE-2008-4554\", \"CVE-2008-4576\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5079\", \"CVE-2008-5300\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Debian Security Advisory DSA 1687-1 (linux-2.6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.18\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.18\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.18\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.18\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.18\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.18-6\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-alpha-generic\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-alpha-legacy\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-alpha-legacy\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-alpha\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-alpha\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-alpha\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-alpha-smp\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-alpha-smp\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-alpha-generic\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-6-xen-amd64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-amd64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-amd64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-vserver\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-amd64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-6-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fai-kernels\", ver:\"1.17+etch.23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-xen-amd64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-amd64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-6-xen-amd64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-amd64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-amd64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-6-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-ixp4xx\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-iop32x\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-footbridge\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-rpc\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-rpc\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-s3c2410\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-iop32x\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-arm\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-s3c2410\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-ixp4xx\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-footbridge\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-parisc64-smp\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-parisc-smp\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-hppa\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-parisc-smp\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-parisc\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-parisc64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-parisc64-smp\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-parisc64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-parisc\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-686\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-486\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-6-xen-686\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"user-mode-linux\", ver:\"2.6.18-1um-2etch.23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-686-bigmem\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-vserver-686\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-6-xen-vserver-686\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-k7\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-xen-vserver-686\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-k7\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-686\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-6-xen-vserver-686\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-686-bigmem\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-686\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-i386\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-6-xen-686\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-k7\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-686\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-k7\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-686\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-486\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-xen-686\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-ia64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-itanium\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-itanium\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-mckinley\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-mckinley\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-qemu\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sb1a-bcm91480b\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r5k-ip32\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-qemu\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r4k-ip22\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sb1-bcm91250a\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-mips\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r5k-ip32\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r4k-ip22\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sb1-bcm91250a\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sb1a-bcm91480b\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r5k-cobalt\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r4k-kn04\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r5k-cobalt\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r3k-kn02\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r3k-kn02\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r4k-kn04\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-mipsel\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-powerpc\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-powerpc64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-powerpc-miboot\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-powerpc64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-powerpc64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-powerpc\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-powerpc\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-powerpc-miboot\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-powerpc\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-powerpc-smp\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-powerpc64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-prep\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-prep\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-powerpc\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-powerpc-smp\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-s390-tape\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-s390\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-s390\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-s390x\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-s390x\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-s390\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-s390x\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-s390x\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-sparc64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sparc64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-sparc64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-sparc\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sparc32\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sparc64\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sparc64-smp\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sparc32\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sparc64-smp\", ver:\"2.6.18.dfsg.1-23etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:18", "description": "The remote host is missing an update to linux-2.6.24\nannounced via advisory DSA 1681-1.", "cvss3": {}, "published": "2008-12-10T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1681-1 (linux-2.6.24)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4554", "CVE-2008-3528", "CVE-2008-5029", "CVE-2008-5134", "CVE-2008-5182", "CVE-2008-4618", "CVE-2008-5025", "CVE-2008-4576", "CVE-2008-5300", "CVE-2008-4933", "CVE-2008-4934"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:62843", "href": "http://plugins.openvas.org/nasl.php?oid=62843", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1681_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1681-1 (linux-2.6.24)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2008-3528\n\nEugene Teo reported a local DoS issue in the ext2 and ext3\nfilesystems. Local users who have been granted the privileges\nnecessary to mount a filesystem would be able to craft a corrupted\nfilesystem that causes the kernel to output error messages in an\ninfinite loop.\n\nCVE-2008-4554\n\nMilos Szeredi reported that the usage of splice() on files opened\nwith O_APPEND allows users to write to the file at arbitrary\noffsets, enabling a bypass of possible assumed semantics of the\nO_APPEND flag.\n\nCVE-2008-4576\n\nVlad Yasevich reported an issue in the SCTP subsystem that may\nallow remote users to cause a local DoS by triggering a kernel\noops.\n\nCVE-2008-4618\n\nWei Yongjun reported an issue in the SCTP subsystem that may allow\nremote users to cause a local DoS by triggering a kernel panic.\n\nCVE-2008-4933\n\nEric Sesterhenn reported a local DoS issue in the hfsplus\nfilesystem. Local users who have been granted the privileges\nnecessary to mount a filesystem would be able to craft a corrupted\nfilesystem that causes the kernel to overrun a buffer, resulting\nin a system oops or memory corruption.\n\nCVE-2008-4934\n\nEric Sesterhenn reported a local DoS issue in the hfsplus\nfilesystem. Local users who have been granted the privileges\nnecessary to mount a filesystem would be able to craft a corrupted\nfilesystem that results in a kernel oops due to an unchecked\nreturn value.\n\nCVE-2008-5025\n\nEric Sesterhenn reported a local DoS issue in the hfs filesystem.\nLocal users who have been granted the privileges necessary to\nmount a filesystem would be able to craft a filesystem with a\ncorrupted catalog name length, resulting in a system oops or\nmemory corruption.\n\nCVE-2008-5029\n\nAndrea Bittau reported a DoS issue in the unix socket subsystem\nthat allows a local user to cause memory corruption, resulting in\na kernel panic.\n\nCVE-2008-5134\n\nJohannes Berg reported a remote DoS issue in the libertas wireless\ndriver, which can be triggered by a specially crafted beacon/probe\nresponse.\n\nCVE-2008-5182\n\nAl Viro reported race conditions in the inotify subsystem that may\nallow local users to acquire elevated privileges.\n\nCVE-2008-5300\n\nDann Frazier reported a DoS condition that allows local users to\ncause the out of memory handler to kill off privileged processes\nor trigger soft lockups due to a starvation issue in the unix\nsocket subsystem.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.7.\n\nWe recommend that you upgrade your linux-2.6.24 packages.\";\ntag_summary = \"The remote host is missing an update to linux-2.6.24\nannounced via advisory DSA 1681-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201681-1\";\n\n\nif(description)\n{\n script_id(62843);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-10 05:23:56 +0100 (Wed, 10 Dec 2008)\");\n script_cve_id(\"CVE-2008-3528\", \"CVE-2008-4554\", \"CVE-2008-4576\", \"CVE-2008-4618\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5134\", \"CVE-2008-5182\", \"CVE-2008-5300\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1681-1 (linux-2.6.24)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.24\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.24\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.24\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.24\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.24-etchnhalf.1\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.24\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-smp\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-generic\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-common\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-generic\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-alpha\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-legacy\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-smp\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-legacy\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-amd64\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-amd64\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-amd64\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-ixp4xx\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-arm\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-footbridge\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-ixp4xx\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-iop32x\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-footbridge\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-iop32x\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc64\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc64-smp\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc64-smp\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc-smp\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc64\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc-smp\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-hppa\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-686\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-686-bigmem\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-686\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-486\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-i386\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-486\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-686-bigmem\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-mckinley\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-itanium\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-mckinley\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-itanium\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-ia64\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r5k-ip32\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-5kc-malta\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-4kc-malta\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r4k-ip22\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-mips\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-4kc-malta\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-5kc-malta\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r5k-ip32\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r4k-ip22\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r5k-cobalt\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-mipsel\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-powerpc\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc-miboot\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc-smp\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc64\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc-miboot\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc64\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc-smp\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-s390x\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-s390\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390-tape\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390x\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-s390\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-sparc\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sparc64-smp\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sparc64\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sparc64\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sparc64-smp\", ver:\"2.6.24-6~etchnhalf.7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-05-18T14:21:54", "description": "Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :\n\nnet/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. (CVE-2008-5079)\n\nLinux kernel 2.6.28 allows local users to cause a denial of service (soft lockup and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029. (CVE-2008-5300)\n\nAdditionaly, wireless and hotkeys support for Asus EEE were fixed, systems with HDA sound needing MSI support were added to the quirks list to be autodetected, STAC92HD71Bx and STAC92HD75Bx based HDA support was enhanced and fixed, support for HDA sound on Acer Aspire 8930 was added, Dell Inspiron Mini 9 HDA sound support was added, CIFS filesystem should now work with Kerberos, and a few more things. Check the package changelog for details.\n\nTo update your kernel, please follow the directions located at :\n\nhttp://www.mandriva.com/en/security/kernelupdate", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : kernel (MDVSA-2009:032)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5029", "CVE-2008-5079", "CVE-2008-5300"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-server-latest", "p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:drm-experimental-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:drm-experimental-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:drm-experimental-kernel-server-latest", "p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:et131x-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:et131x-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:et131x-kernel-server-latest", "p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:fcpci-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:fcpci-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:fcpci-kernel-server-latest", "p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:fglrx-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:fglrx-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:fglrx-kernel-server-latest", "p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:gnbd-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:gnbd-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:gnbd-kernel-server-latest", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-server-latest", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-server-latest", "p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:kernel-2.6.27.10-1mnb", "p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:hso-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:hso-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:hso-kernel-server-latest", "p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:iscsitarget-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:iscsitarget-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:iscsitarget-kernel-server-latest", "p-cpe:/a:mandriva:linux:kqemu-kernel-server-latest", "p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:lirc-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:lirc-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:lirc-kernel-server-latest", "p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:lzma-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:lzma-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:lzma-kernel-server-latest", "p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:madwifi-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:omnibook-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:omnibook-kernel-server-latest", "p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:opencbm-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:opencbm-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:opencbm-kernel-server-latest", "p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-server-latest", "p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:qc-usb-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:qc-usb-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:qc-usb-kernel-server-latest", "p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:rt2860-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:rt2860-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:rt2860-kernel-server-latest", "p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:rt2870-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:rt2870-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:rt2870-kernel-server-latest", "p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:rtl8187se-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:rtl8187se-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:vboxvfs-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:vboxvfs-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:vboxvfs-kernel-server-latest", "p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:vhba-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:vhba-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:vhba-kernel-server-latest", "p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:virtualbox-kernel-server-latest", "p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:vpnclient-kernel-server-latest", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:madwifi-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:madwifi-kernel-server-latest", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-server-latest", "p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:nvidia173-kernel-server-latest", "p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:nvidia71xx-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:nvidia71xx-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:nvidia71xx-kernel-server-latest", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-server-latest", "p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:omfs-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:omfs-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:omfs-kernel-server-latest", "p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:omnibook-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:rtl8187se-kernel-server-latest", "p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:slmodem-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:slmodem-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:slmodem-kernel-server-latest", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-server-latest", "p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:tp_smapi-kernel-server-latest", "p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:vboxadd-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:vboxadd-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:vboxadd-kernel-server-latest", "p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:kernel-desktop-2.6.27.10-1mnb", "p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.27.10-1mnb", "p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest", "p-cpe:/a:mandriva:linux:kernel-desktop-latest", "p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.27.10-1mnb", "p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.27.10-1mnb", "p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest", "p-cpe:/a:mandriva:linux:kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:kernel-doc", "p-cpe:/a:mandriva:linux:kernel-server-2.6.27.10-1mnb", "p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.27.10-1mnb", "p-cpe:/a:mandriva:linux:kernel-server-devel-latest", "p-cpe:/a:mandriva:linux:kernel-server-latest", "p-cpe:/a:mandriva:linux:kernel-source-2.6.27.10-1mnb", "p-cpe:/a:mandriva:linux:kernel-source-latest", "p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.10-desktop-1mnb", "p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.10-desktop586-1mnb", "p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.10-server-1mnb", "p-cpe:/a:mandriva:linux:kqemu-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:kqemu-kernel-desktop586-latest"], "id": "MANDRIVA_MDVSA-2009-032.NASL", "href": "https://www.tenable.com/plugins/nessus/37078", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:032. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37078);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5079\", \"CVE-2008-5300\");\n script_bugtraq_id(32676);\n script_xref(name:\"MDVSA\", value:\"2009:032\");\n\n script_name(english:\"Mandriva Linux Security Advisory : kernel (MDVSA-2009:032)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Some vulnerabilities were discovered and corrected in the Linux 2.6\nkernel :\n\nnet/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and\nearlier allows local users to cause a denial of service (kernel\ninfinite loop) by making two calls to svc_listen for the same socket,\nand then reading a /proc/net/atm/*vc file, related to corruption of\nthe vcc table. (CVE-2008-5079)\n\nLinux kernel 2.6.28 allows local users to cause a denial of service\n(soft lockup and process loss) via a large number of sendmsg function\ncalls, which does not block during AF_UNIX garbage collection and\ntriggers an OOM condition, a different vulnerability than\nCVE-2008-5029. (CVE-2008-5300)\n\nAdditionaly, wireless and hotkeys support for Asus EEE were fixed,\nsystems with HDA sound needing MSI support were added to the quirks\nlist to be autodetected, STAC92HD71Bx and STAC92HD75Bx based HDA\nsupport was enhanced and fixed, support for HDA sound on Acer Aspire\n8930 was added, Dell Inspiron Mini 9 HDA sound support was added, CIFS\nfilesystem should now work with Kerberos, and a few more things. Check\nthe package changelog for details.\n\nTo update your kernel, please follow the directions located at :\n\nhttp://www.mandriva.com/en/security/kernelupdate\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://qa.mandriva.com/43332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://qa.mandriva.com/44855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://qa.mandriva.com/44988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://qa.mandriva.com/45136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://qa.mandriva.com/45838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://qa.mandriva.com/46164\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:drm-experimental-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:drm-experimental-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:drm-experimental-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:et131x-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:et131x-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:et131x-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fcpci-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fcpci-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fcpci-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnbd-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnbd-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnbd-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hso-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hso-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hso-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:iscsitarget-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:iscsitarget-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:iscsitarget-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-2.6.27.10-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop-2.6.27.10-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.27.10-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.27.10-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.27.10-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server-2.6.27.10-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.27.10-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server-devel-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source-2.6.27.10-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kqemu-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kqemu-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kqemu-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia71xx-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia71xx-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia71xx-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:omfs-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:omfs-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:omfs-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:omnibook-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:omnibook-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:omnibook-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:opencbm-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:opencbm-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:opencbm-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qc-usb-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qc-usb-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qc-usb-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2860-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2860-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2860-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2870-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2870-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2870-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rtl8187se-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rtl8187se-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rtl8187se-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tp_smapi-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadd-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadd-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadd-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxvfs-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxvfs-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxvfs-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vhba-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vhba-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vhba-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.10-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.10-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.10-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"alsa_raoppcm-kernel-2.6.27.10-desktop-1mnb-0.5.1-2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"alsa_raoppcm-kernel-2.6.27.10-desktop586-1mnb-0.5.1-2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"alsa_raoppcm-kernel-2.6.27.10-server-1mnb-0.5.1-2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"alsa_raoppcm-kernel-desktop-latest-0.5.1-1.20090130.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"alsa_raoppcm-kernel-desktop586-latest-0.5.1-1.20090130.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"alsa_raoppcm-kernel-server-latest-0.5.1-1.20090130.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"drm-experimental-kernel-2.6.27.10-desktop-1mnb-2.3.0-2.20080912.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"drm-experimental-kernel-2.6.27.10-desktop586-1mnb-2.3.0-2.20080912.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"drm-experimental-kernel-2.6.27.10-server-1mnb-2.3.0-2.20080912.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"drm-experimental-kernel-desktop-latest-2.3.0-1.20090130.2.20080912.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"drm-experimental-kernel-desktop586-latest-2.3.0-1.20090130.2.20080912.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"drm-experimental-kernel-server-latest-2.3.0-1.20090130.2.20080912.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"et131x-kernel-2.6.27.10-desktop-1mnb-1.2.3-7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"et131x-kernel-2.6.27.10-desktop586-1mnb-1.2.3-7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"et131x-kernel-2.6.27.10-server-1mnb-1.2.3-7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"et131x-kernel-desktop-latest-1.2.3-1.20090130.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"et131x-kernel-desktop586-latest-1.2.3-1.20090130.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"et131x-kernel-server-latest-1.2.3-1.20090130.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"fcpci-kernel-2.6.27.10-desktop-1mnb-3.11.07-7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"fcpci-kernel-2.6.27.10-desktop586-1mnb-3.11.07-7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"fcpci-kernel-2.6.27.10-server-1mnb-3.11.07-7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"fcpci-kernel-desktop-latest-3.11.07-1.20090130.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"fcpci-kernel-desktop586-latest-3.11.07-1.20090130.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"fcpci-kernel-server-latest-3.11.07-1.20090130.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"fglrx-kernel-2.6.27.10-desktop-1mnb-8.522-3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"fglrx-kernel-2.6.27.10-desktop586-1mnb-8.522-3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"fglrx-kernel-2.6.27.10-server-1mnb-8.522-3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"fglrx-kernel-desktop-latest-8.522-1.20090130.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"fglrx-kernel-desktop586-latest-8.522-1.20090130.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"fglrx-kernel-server-latest-8.522-1.20090130.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnbd-kernel-2.6.27.10-desktop-1mnb-2.03.07-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"gnbd-kernel-2.6.27.10-desktop586-1mnb-2.03.07-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnbd-kernel-2.6.27.10-server-1mnb-2.03.07-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnbd-kernel-desktop-latest-2.03.07-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"gnbd-kernel-desktop586-latest-2.03.07-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gnbd-kernel-server-latest-2.03.07-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-2.6.27.10-desktop-1mnb-1.17-1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-2.6.27.10-desktop586-1mnb-1.17-1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-2.6.27.10-server-1mnb-1.17-1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-desktop-latest-1.17-1.20090130.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-desktop586-latest-1.17-1.20090130.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-server-latest-1.17-1.20090130.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"hsfmodem-kernel-2.6.27.10-desktop-1mnb-7.68.00.13-1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"hsfmodem-kernel-2.6.27.10-desktop586-1mnb-7.68.00.13-1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"hsfmodem-kernel-2.6.27.10-server-1mnb-7.68.00.13-1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"hsfmodem-kernel-desktop-latest-7.68.00.13-1.20090130.1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"hsfmodem-kernel-desktop586-latest-7.68.00.13-1.20090130.1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"hsfmodem-kernel-server-latest-7.68.00.13-1.20090130.1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"hso-kernel-2.6.27.10-desktop-1mnb-1.2-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"hso-kernel-2.6.27.10-desktop586-1mnb-1.2-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"hso-kernel-2.6.27.10-server-1mnb-1.2-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"hso-kernel-desktop-latest-1.2-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"hso-kernel-desktop586-latest-1.2-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"hso-kernel-server-latest-1.2-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"iscsitarget-kernel-2.6.27.10-desktop-1mnb-0.4.16-4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"iscsitarget-kernel-2.6.27.10-desktop586-1mnb-0.4.16-4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"iscsitarget-kernel-2.6.27.10-server-1mnb-0.4.16-4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"iscsitarget-kernel-desktop-latest-0.4.16-1.20090130.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"iscsitarget-kernel-desktop586-latest-0.4.16-1.20090130.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"iscsitarget-kernel-server-latest-0.4.16-1.20090130.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kernel-2.6.27.10-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kernel-desktop-2.6.27.10-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kernel-desktop-devel-2.6.27.10-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kernel-desktop-devel-latest-2.6.27.10-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kernel-desktop-latest-2.6.27.10-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"kernel-desktop586-2.6.27.10-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"kernel-desktop586-devel-2.6.27.10-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"kernel-desktop586-devel-latest-2.6.27.10-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"kernel-desktop586-latest-2.6.27.10-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kernel-doc-2.6.27.10-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kernel-server-2.6.27.10-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kernel-server-devel-2.6.27.10-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kernel-server-devel-latest-2.6.27.10-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kernel-server-latest-2.6.27.10-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kernel-source-2.6.27.10-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kernel-source-latest-2.6.27.10-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kqemu-kernel-2.6.27.10-desktop-1mnb-1.4.0pre1-0\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"kqemu-kernel-2.6.27.10-desktop586-1mnb-1.4.0pre1-0\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kqemu-kernel-2.6.27.10-server-1mnb-1.4.0pre1-0\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kqemu-kernel-desktop-latest-1.4.0pre1-1.20090130.0\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"kqemu-kernel-desktop586-latest-1.4.0pre1-1.20090130.0\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kqemu-kernel-server-latest-1.4.0pre1-1.20090130.0\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"lirc-kernel-2.6.27.10-desktop-1mnb-0.8.3-4.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"lirc-kernel-2.6.27.10-desktop586-1mnb-0.8.3-4.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"lirc-kernel-2.6.27.10-server-1mnb-0.8.3-4.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"lirc-kernel-desktop-latest-0.8.3-1.20090130.4.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"lirc-kernel-desktop586-latest-0.8.3-1.20090130.4.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"lirc-kernel-server-latest-0.8.3-1.20090130.4.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"lzma-kernel-2.6.27.10-desktop-1mnb-4.43-24mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"lzma-kernel-2.6.27.10-desktop586-1mnb-4.43-24mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"lzma-kernel-2.6.27.10-server-1mnb-4.43-24mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"lzma-kernel-desktop-latest-4.43-1.20090130.24mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"lzma-kernel-desktop586-latest-4.43-1.20090130.24mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"lzma-kernel-server-latest-4.43-1.20090130.24mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"madwifi-kernel-2.6.27.10-desktop-1mnb-0.9.4-3.r3835mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"madwifi-kernel-2.6.27.10-desktop586-1mnb-0.9.4-3.r3835mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"madwifi-kernel-2.6.27.10-server-1mnb-0.9.4-3.r3835mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"madwifi-kernel-desktop-latest-0.9.4-1.20090130.3.r3835mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"madwifi-kernel-desktop586-latest-0.9.4-1.20090130.3.r3835mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"madwifi-kernel-server-latest-0.9.4-1.20090130.3.r3835mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nvidia-current-kernel-2.6.27.10-desktop-1mnb-177.70-2.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"nvidia-current-kernel-2.6.27.10-desktop586-1mnb-177.70-2.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nvidia-current-kernel-2.6.27.10-server-1mnb-177.70-2.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nvidia-current-kernel-desktop-latest-177.70-1.20090130.2.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"nvidia-current-kernel-desktop586-latest-177.70-1.20090130.2.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nvidia-current-kernel-server-latest-177.70-1.20090130.2.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nvidia173-kernel-2.6.27.10-desktop-1mnb-173.14.12-4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"nvidia173-kernel-2.6.27.10-desktop586-1mnb-173.14.12-4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"nvidia173-kernel-2.6.27.10-server-1mnb-173.14.12-4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nvidia173-kernel-desktop-latest-173.14.12-1.20090130.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"nvidia173-kernel-desktop586-latest-173.14.12-1.20090130.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"nvidia173-kernel-server-latest-173.14.12-1.20090130.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nvidia71xx-kernel-2.6.27.10-desktop-1mnb-71.86.06-5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"nvidia71xx-kernel-2.6.27.10-desktop586-1mnb-71.86.06-5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nvidia71xx-kernel-2.6.27.10-server-1mnb-71.86.06-5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nvidia71xx-kernel-desktop-latest-71.86.06-1.20090130.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"nvidia71xx-kernel-desktop586-latest-71.86.06-1.20090130.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nvidia71xx-kernel-server-latest-71.86.06-1.20090130.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nvidia96xx-kernel-2.6.27.10-desktop-1mnb-96.43.07-5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"nvidia96xx-kernel-2.6.27.10-desktop586-1mnb-96.43.07-5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nvidia96xx-kernel-2.6.27.10-server-1mnb-96.43.07-5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nvidia96xx-kernel-desktop-latest-96.43.07-1.20090130.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"nvidia96xx-kernel-desktop586-latest-96.43.07-1.20090130.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nvidia96xx-kernel-server-latest-96.43.07-1.20090130.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"omfs-kernel-2.6.27.10-desktop-1mnb-0.8.0-1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"omfs-kernel-2.6.27.10-desktop586-1mnb-0.8.0-1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"omfs-kernel-2.6.27.10-server-1mnb-0.8.0-1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"omfs-kernel-desktop-latest-0.8.0-1.20090130.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"omfs-kernel-desktop586-latest-0.8.0-1.20090130.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"omfs-kernel-server-latest-0.8.0-1.20090130.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"omnibook-kernel-2.6.27.10-desktop-1mnb-20080513-0.274.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"omnibook-kernel-2.6.27.10-desktop586-1mnb-20080513-0.274.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"omnibook-kernel-2.6.27.10-server-1mnb-20080513-0.274.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"omnibook-kernel-desktop-latest-20080513-1.20090130.0.274.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"omnibook-kernel-desktop586-latest-20080513-1.20090130.0.274.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"omnibook-kernel-server-latest-20080513-1.20090130.0.274.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"opencbm-kernel-2.6.27.10-desktop-1mnb-0.4.2a-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"opencbm-kernel-2.6.27.10-desktop586-1mnb-0.4.2a-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"opencbm-kernel-2.6.27.10-server-1mnb-0.4.2a-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"opencbm-kernel-desktop-latest-0.4.2a-1.20090130.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"opencbm-kernel-desktop586-latest-0.4.2a-1.20090130.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"opencbm-kernel-server-latest-0.4.2a-1.20090130.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"ov51x-jpeg-kernel-2.6.27.10-desktop-1mnb-1.5.9-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"ov51x-jpeg-kernel-2.6.27.10-desktop586-1mnb-1.5.9-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"ov51x-jpeg-kernel-2.6.27.10-server-1mnb-1.5.9-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"ov51x-jpeg-kernel-desktop-latest-1.5.9-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"ov51x-jpeg-kernel-desktop586-latest-1.5.9-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"ov51x-jpeg-kernel-server-latest-1.5.9-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"qc-usb-kernel-2.6.27.10-desktop-1mnb-0.6.6-6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"qc-usb-kernel-2.6.27.10-desktop586-1mnb-0.6.6-6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"qc-usb-kernel-2.6.27.10-server-1mnb-0.6.6-6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"qc-usb-kernel-desktop-latest-0.6.6-1.20090130.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"qc-usb-kernel-desktop586-latest-0.6.6-1.20090130.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"qc-usb-kernel-server-latest-0.6.6-1.20090130.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rt2860-kernel-2.6.27.10-desktop-1mnb-1.7.0.0-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"rt2860-kernel-2.6.27.10-desktop586-1mnb-1.7.0.0-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rt2860-kernel-2.6.27.10-server-1mnb-1.7.0.0-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rt2860-kernel-desktop-latest-1.7.0.0-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"rt2860-kernel-desktop586-latest-1.7.0.0-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rt2860-kernel-server-latest-1.7.0.0-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rt2870-kernel-2.6.27.10-desktop-1mnb-1.3.1.0-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"rt2870-kernel-2.6.27.10-desktop586-1mnb-1.3.1.0-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rt2870-kernel-2.6.27.10-server-1mnb-1.3.1.0-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rt2870-kernel-desktop-latest-1.3.1.0-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"rt2870-kernel-desktop586-latest-1.3.1.0-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rt2870-kernel-server-latest-1.3.1.0-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rtl8187se-kernel-2.6.27.10-desktop-1mnb-1016.20080716-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"rtl8187se-kernel-2.6.27.10-desktop586-1mnb-1016.20080716-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rtl8187se-kernel-2.6.27.10-server-1mnb-1016.20080716-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rtl8187se-kernel-desktop-latest-1016.20080716-1.20090130.1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"rtl8187se-kernel-desktop586-latest-1016.20080716-1.20090130.1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rtl8187se-kernel-server-latest-1016.20080716-1.20090130.1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"slmodem-kernel-2.6.27.10-desktop-1mnb-2.9.11-0.20080817.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"slmodem-kernel-2.6.27.10-desktop586-1mnb-2.9.11-0.20080817.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"slmodem-kernel-2.6.27.10-server-1mnb-2.9.11-0.20080817.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"slmodem-kernel-desktop-latest-2.9.11-1.20090130.0.20080817.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"slmodem-kernel-desktop586-latest-2.9.11-1.20090130.0.20080817.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"slmodem-kernel-server-latest-2.9.11-1.20090130.0.20080817.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"squashfs-lzma-kernel-2.6.27.10-desktop-1mnb-3.3-5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"squashfs-lzma-kernel-2.6.27.10-desktop586-1mnb-3.3-5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"squashfs-lzma-kernel-2.6.27.10-server-1mnb-3.3-5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"squashfs-lzma-kernel-desktop-latest-3.3-1.20090130.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"squashfs-lzma-kernel-desktop586-latest-3.3-1.20090130.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"squashfs-lzma-kernel-server-latest-3.3-1.20090130.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tp_smapi-kernel-2.6.27.10-desktop-1mnb-0.37-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"tp_smapi-kernel-2.6.27.10-desktop586-1mnb-0.37-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tp_smapi-kernel-2.6.27.10-server-1mnb-0.37-2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tp_smapi-kernel-desktop-latest-0.37-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"tp_smapi-kernel-desktop586-latest-0.37-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tp_smapi-kernel-server-latest-0.37-1.20090130.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vboxadd-kernel-2.6.27.10-desktop-1mnb-2.0.2-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"vboxadd-kernel-2.6.27.10-desktop586-1mnb-2.0.2-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vboxadd-kernel-2.6.27.10-server-1mnb-2.0.2-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vboxadd-kernel-desktop-latest-2.0.2-1.20090130.2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"vboxadd-kernel-desktop586-latest-2.0.2-1.20090130.2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vboxadd-kernel-server-latest-2.0.2-1.20090130.2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vboxvfs-kernel-2.6.27.10-desktop-1mnb-2.0.2-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"vboxvfs-kernel-2.6.27.10-desktop586-1mnb-2.0.2-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vboxvfs-kernel-2.6.27.10-server-1mnb-2.0.2-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vboxvfs-kernel-desktop-latest-2.0.2-1.20090130.2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"vboxvfs-kernel-desktop586-latest-2.0.2-1.20090130.2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vboxvfs-kernel-server-latest-2.0.2-1.20090130.2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vhba-kernel-2.6.27.10-desktop-1mnb-1.0.0-1.svn304.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"vhba-kernel-2.6.27.10-desktop586-1mnb-1.0.0-1.svn304.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vhba-kernel-2.6.27.10-server-1mnb-1.0.0-1.svn304.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vhba-kernel-desktop-latest-1.0.0-1.20090130.1.svn304.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"vhba-kernel-desktop586-latest-1.0.0-1.20090130.1.svn304.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vhba-kernel-server-latest-1.0.0-1.20090130.1.svn304.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"virtualbox-kernel-2.6.27.10-desktop-1mnb-2.0.2-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"virtualbox-kernel-2.6.27.10-desktop586-1mnb-2.0.2-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"virtualbox-kernel-2.6.27.10-server-1mnb-2.0.2-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"virtualbox-kernel-desktop-latest-2.0.2-1.20090130.2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"virtualbox-kernel-desktop586-latest-2.0.2-1.20090130.2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"virtualbox-kernel-server-latest-2.0.2-1.20090130.2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vpnclient-kernel-2.6.27.10-desktop-1mnb-4.8.01.0640-3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"vpnclient-kernel-2.6.27.10-desktop586-1mnb-4.8.01.0640-3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vpnclient-kernel-2.6.27.10-server-1mnb-4.8.01.0640-3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vpnclient-kernel-desktop-latest-4.8.01.0640-1.20090130.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"vpnclient-kernel-desktop586-latest-4.8.01.0640-1.20090130.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"vpnclient-kernel-server-latest-4.8.01.0640-1.20090130.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:15:38", "description": "Update kernel from version 2.6.27.7 to 2.6.27.9:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.8 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.9 Also includes three critical fixes scheduled for 2.6.27.10 Update applesmc driver to latest upstream version. (Adds module autoloading.) Update ALSA audio drivers to version 1.0.18a. (See www.alsa-project.org for details.) Security fixes: CVE-2008-5079 in 2.6.27.9 CVE-2008-5182 in 2.6.27.8 CVE-2008-5300 in 2.6.27.8\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Fedora 10 : kernel-2.6.27.9-159.fc10 (2008-11593)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5300"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2008-11593.NASL", "href": "https://www.tenable.com/plugins/nessus/37568", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-11593.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37568);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\");\n script_xref(name:\"FEDORA\", value:\"2008-11593\");\n\n script_name(english:\"Fedora 10 : kernel-2.6.27.9-159.fc10 (2008-11593)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update kernel from version 2.6.27.7 to 2.6.27.9:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.8\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.9 Also\nincludes three critical fixes scheduled for 2.6.27.10 Update applesmc\ndriver to latest upstream version. (Adds module autoloading.) Update\nALSA audio drivers to version 1.0.18a. (See www.alsa-project.org for\ndetails.) Security fixes: CVE-2008-5079 in 2.6.27.9 CVE-2008-5182 in\n2.6.27.8 CVE-2008-5300 in 2.6.27.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.8\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f8e56b1\"\n );\n # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.9\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7612a49a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=473259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=473696\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/018236.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?83188a85\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"kernel-2.6.27.9-159.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:47:03", "description": "Update kernel from version 2.6.27.7 to 2.6.27.9:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.8 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.9 Also includes three critical fixes scheduled for 2.6.27.10 Update applesmc driver to latest upstream version. (Adds module autoloading.) Update ALSA audio drivers to version 1.0.18a. (See www.alsa-project.org for details.) Security fixes: CVE-2008-5079 in 2.6.27.9 CVE-2008-5182 in 2.6.27.8 CVE-2008-5300 in 2.6.27.8\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-12-26T00:00:00", "type": "nessus", "title": "Fedora 9 : kernel-2.6.27.9-73.fc9 (2008-11618)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5300"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2008-11618.NASL", "href": "https://www.tenable.com/plugins/nessus/35264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-11618.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35264);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\");\n script_bugtraq_id(32676);\n script_xref(name:\"FEDORA\", value:\"2008-11618\");\n\n script_name(english:\"Fedora 9 : kernel-2.6.27.9-73.fc9 (2008-11618)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update kernel from version 2.6.27.7 to 2.6.27.9:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.8\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.9 Also\nincludes three critical fixes scheduled for 2.6.27.10 Update applesmc\ndriver to latest upstream version. (Adds module autoloading.) Update\nALSA audio drivers to version 1.0.18a. (See www.alsa-project.org for\ndetails.) Security fixes: CVE-2008-5079 in 2.6.27.9 CVE-2008-5182 in\n2.6.27.8 CVE-2008-5300 in 2.6.27.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.8\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f8e56b1\"\n );\n # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.9\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7612a49a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=473259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=473696\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/018268.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4addf118\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"kernel-2.6.27.9-73.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T18:03:55", "description": "The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-0225 advisory.\n\n - The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors. (CVE-2008-5029)\n\n - net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. (CVE-2008-5079)\n\n - The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. (CVE-2008-5182)\n\n - Linux kernel 2.6.28 allows local users to cause a denial of service (soft lockup and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029. (CVE-2008-5300)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : Oracle / Enterprise / Linux / 5.3 / kernel (ELSA-2009-0225)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5029", "CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5300"], "modified": "2023-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-pae", "p-cpe:/a:oracle:linux:kernel-pae-devel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-xen", "p-cpe:/a:oracle:linux:kernel-xen-devel", "p-cpe:/a:oracle:linux:ocfs2-2.6.18-128.el5", "p-cpe:/a:oracle:linux:ocfs2-2.6.18-128.el5pae", "p-cpe:/a:oracle:linux:ocfs2-2.6.18-128.el5debug", "p-cpe:/a:oracle:linux:ocfs2-2.6.18-128.el5xen", "p-cpe:/a:oracle:linux:oracleasm-2.6.18-128.el5", "p-cpe:/a:oracle:linux:oracleasm-2.6.18-128.el5pae", "p-cpe:/a:oracle:linux:oracleasm-2.6.18-128.el5debug", "p-cpe:/a:oracle:linux:oracleasm-2.6.18-128.el5xen"], "id": "ORACLELINUX_ELSA-2009-0225.NASL", "href": "https://www.tenable.com/plugins/nessus/180612", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2009-0225.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180612);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/08\");\n\n script_cve_id(\n \"CVE-2008-5029\",\n \"CVE-2008-5079\",\n \"CVE-2008-5182\",\n \"CVE-2008-5300\"\n );\n\n script_name(english:\"Oracle Linux 5 : Oracle / Enterprise / Linux / 5.3 / kernel (ELSA-2009-0225)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2009-0225 advisory.\n\n - The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes\n indirect recursive calls to itself through calls to the fput function, which allows local users to cause a\n denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain\n socket and closing file descriptors. (CVE-2008-5029)\n\n - net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a\n denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then\n reading a /proc/net/atm/*vc file, related to corruption of the vcc table. (CVE-2008-5079)\n\n - The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges\n via unknown vectors related to race conditions in inotify watch removal and umount. (CVE-2008-5182)\n\n - Linux kernel 2.6.28 allows local users to cause a denial of service (soft lockup and process loss) via a\n large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and\n triggers an OOM condition, a different vulnerability than CVE-2008-5029. (CVE-2008-5300)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2009-0225.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2008-5182\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2008-5300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocfs2-2.6.18-128.el5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocfs2-2.6.18-128.el5PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocfs2-2.6.18-128.el5debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocfs2-2.6.18-128.el5xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:oracleasm-2.6.18-128.el5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:oracleasm-2.6.18-128.el5PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:oracleasm-2.6.18-128.el5debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:oracleasm-2.6.18-128.el5xen\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.18-128.el5'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2009-0225');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-headers-2.6.18-128.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.18'},\n {'reference':'kernel-2.6.18-128.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.18'},\n {'reference':'kernel-PAE-2.6.18-128.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-PAE-2.6.18'},\n {'reference':'kernel-PAE-devel-2.6.18-128.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-PAE-devel-2.6.18'},\n {'reference':'kernel-debug-2.6.18-128.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.18'},\n {'reference':'kernel-debug-devel-2.6.18-128.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.18'},\n {'reference':'kernel-devel-2.6.18-128.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.18'},\n {'reference':'kernel-xen-2.6.18-128.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-xen-2.6.18'},\n {'reference':'kernel-xen-devel-2.6.18-128.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-xen-devel-2.6.18'},\n {'reference':'ocfs2-2.6.18-128.el5-1.2.9-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-2.6.18-128.el5PAE-1.2.9-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-2.6.18-128.el5debug-1.2.9-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-2.6.18-128.el5xen-1.2.9-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oracleasm-2.6.18-128.el5-2.0.5-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oracleasm-2.6.18-128.el5PAE-2.0.5-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oracleasm-2.6.18-128.el5debug-2.0.5-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oracleasm-2.6.18-128.el5xen-2.0.5-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-2.6.18-128.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.18'},\n {'reference':'kernel-debug-2.6.18-128.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.18'},\n {'reference':'kernel-debug-devel-2.6.18-128.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.18'},\n {'reference':'kernel-devel-2.6.18-128.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.18'},\n {'reference':'kernel-headers-2.6.18-128.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.18'},\n {'reference':'kernel-xen-2.6.18-128.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-xen-2.6.18'},\n {'reference':'kernel-xen-devel-2.6.18-128.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-xen-devel-2.6.18'},\n {'reference':'ocfs2-2.6.18-128.el5-1.2.9-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-2.6.18-128.el5debug-1.2.9-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-2.6.18-128.el5xen-1.2.9-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oracleasm-2.6.18-128.el5-2.0.5-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oracleasm-2.6.18-128.el5debug-2.0.5-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oracleasm-2.6.18-128.el5xen-2.0.5-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-PAE / kernel-PAE-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:31", "description": "Updated kernel packages that fix three security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the third regular update.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Linux kernel (the core of the Linux operating system)\n\nThese updated packages contain 730 bug fixes and enhancements for the Linux kernel. Space precludes a detailed description of each of these changes in this advisory and users are therefore directed to the release notes for Red Hat Enterprise Linux 5.3 for information on 97 of the most significant of these changes.\n\nDetails of three security-related bug fixes are set out below, along with notes on other broad categories of change not covered in the release notes. For more detailed information on specific bug fixes or enhancements, please consult the Bugzilla numbers listed in this advisory.\n\n* when fput() was called to close a socket, the __scm_destroy() function in the Linux kernel could make indirect recursive calls to itself. This could, potentially, lead to a denial of service issue.\n(CVE-2008-5029, Important)\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem.\nA local, unprivileged user could use the flaw to listen on the same socket more than once, possibly causing a denial of service.\n(CVE-2008-5079, Important)\n\n* a race condition was found in the Linux kernel 'inotify' watch removal and umount implementation. This could allow a local, unprivileged user to cause a privilege escalation or a denial of service. (CVE-2008-5182, Important)\n\n* Bug fixes and enhancements are provided for :\n\n* support for specific NICs, including products from the following manufacturers: Broadcom Chelsio Cisco Intel Marvell NetXen Realtek Sun\n\n* Fiber Channel support, including support for Qlogic qla2xxx, qla4xxx, and qla84xx HBAs and the FCoE, FCP, and zFCP protocols.\n\n* support for various CPUs, including: AMD Opteron processors with 45 nm SOI ('Shanghai') AMD Turion Ultra processors Cell processors Intel Core i7 processors\n\n* Xen support, including issues specific to the IA64 platform, systems using AMD processors, and Dell Optiplex GX280 systems\n\n* ext3, ext4, GFS2, NFS, and SPUFS\n\n* Infiniband (including eHCA, eHEA, and IPoIB) support\n\n* common I/O (CIO), direct I/O (DIO), and queued direct I/O (qdio) support\n\n* the kernel distributed lock manager (DLM)\n\n* hardware issues with: SCSI, IEEE 1394 (FireWire), RAID (including issues specific to Adaptec controllers), SATA (including NCQ), PCI, audio, serial connections, tape-drives, and USB\n\n* ACPI, some of a general nature and some related to specific hardware including: certain Lenovo Thinkpad notebooks, HP DC7700 systems, and certain machines based on Intel Centrino processor technology.\n\n* CIFS, including Kerberos support and a tech-preview of DFS support\n\n* networking support, including IPv6, PPPoE, and IPSec\n\n* support for Intel chipsets, including: Intel Cantiga chipsets Intel Eagle Lake chipsets Intel i915 chipsets Intel i965 chipsets Intel Ibex Peak chipsets Intel chipsets offering QuickPath Interconnects (QPI)\n\n* device mapping issues, including some in device mapper itself\n\n* various issues specific to IA64 and PPC\n\n* CCISS, including support for Compaq SMART Array controllers P711m and P712m and other new hardware\n\n* various issues affecting specific HP systems, including: DL785G5 XW4800 XW8600 XW8600 XW9400\n\n* IOMMU support, including specific issues with AMD and IBM Calgary hardware\n\n* the audit subsystem\n\n* DASD support\n\n* iSCSI support, including issues specific to Chelsio T3 adapters\n\n* LVM issues\n\n* SCTP management information base (MIB) support\n\n* issues with: autofs, kdump, kobject_add, libata, lpar, ptrace, and utrace\n\n* IBM Power platforms using Enhanced I/O Error Handling (EEH)\n\n* EDAC issues for AMD K8 and Intel i5000\n\n* ALSA, including support for new hardware\n\n* futex support\n\n* hugepage support\n\n* Intelligent Platform Management Interface (IPMI) support\n\n* issues affecting NEC/Stratus servers\n\n* OFED support\n\n* SELinux\n\n* various Virtio issues\n\nAll users are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.", "cvss3": {}, "published": "2009-01-21T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2009:0225)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5029", "CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5300"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-pae", "p-cpe:/a:redhat:enterprise_linux:kernel-pae-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2009-0225.NASL", "href": "https://www.tenable.com/plugins/nessus/35434", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0225. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35434);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\");\n script_bugtraq_id(32154, 32676, 33503);\n script_xref(name:\"RHSA\", value:\"2009:0225\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2009:0225)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix three security issues, address\nseveral hundred bugs and add numerous enhancements are now available\nas part of the ongoing support and maintenance of Red Hat Enterprise\nLinux version 5. This is the third regular update.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Linux kernel (the core of the Linux operating system)\n\nThese updated packages contain 730 bug fixes and enhancements for the\nLinux kernel. Space precludes a detailed description of each of these\nchanges in this advisory and users are therefore directed to the\nrelease notes for Red Hat Enterprise Linux 5.3 for information on 97\nof the most significant of these changes.\n\nDetails of three security-related bug fixes are set out below, along\nwith notes on other broad categories of change not covered in the\nrelease notes. For more detailed information on specific bug fixes or\nenhancements, please consult the Bugzilla numbers listed in this\nadvisory.\n\n* when fput() was called to close a socket, the __scm_destroy()\nfunction in the Linux kernel could make indirect recursive calls to\nitself. This could, potentially, lead to a denial of service issue.\n(CVE-2008-5029, Important)\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem.\nA local, unprivileged user could use the flaw to listen on the same\nsocket more than once, possibly causing a denial of service.\n(CVE-2008-5079, Important)\n\n* a race condition was found in the Linux kernel 'inotify' watch\nremoval and umount implementation. This could allow a local,\nunprivileged user to cause a privilege escalation or a denial of\nservice. (CVE-2008-5182, Important)\n\n* Bug fixes and enhancements are provided for :\n\n* support for specific NICs, including products from the following\nmanufacturers: Broadcom Chelsio Cisco Intel Marvell NetXen Realtek Sun\n\n* Fiber Channel support, including support for Qlogic qla2xxx,\nqla4xxx, and qla84xx HBAs and the FCoE, FCP, and zFCP protocols.\n\n* support for various CPUs, including: AMD Opteron processors with 45\nnm SOI ('Shanghai') AMD Turion Ultra processors Cell processors Intel\nCore i7 processors\n\n* Xen support, including issues specific to the IA64 platform, systems\nusing AMD processors, and Dell Optiplex GX280 systems\n\n* ext3, ext4, GFS2, NFS, and SPUFS\n\n* Infiniband (including eHCA, eHEA, and IPoIB) support\n\n* common I/O (CIO), direct I/O (DIO), and queued direct I/O (qdio)\nsupport\n\n* the kernel distributed lock manager (DLM)\n\n* hardware issues with: SCSI, IEEE 1394 (FireWire), RAID (including\nissues specific to Adaptec controllers), SATA (including NCQ), PCI,\naudio, serial connections, tape-drives, and USB\n\n* ACPI, some of a general nature and some related to specific hardware\nincluding: certain Lenovo Thinkpad notebooks, HP DC7700 systems, and\ncertain machines based on Intel Centrino processor technology.\n\n* CIFS, including Kerberos support and a tech-preview of DFS support\n\n* networking support, including IPv6, PPPoE, and IPSec\n\n* support for Intel chipsets, including: Intel Cantiga chipsets Intel\nEagle Lake chipsets Intel i915 chipsets Intel i965 chipsets Intel Ibex\nPeak chipsets Intel chipsets offering QuickPath Interconnects (QPI)\n\n* device mapping issues, including some in device mapper itself\n\n* various issues specific to IA64 and PPC\n\n* CCISS, including support for Compaq SMART Array controllers P711m\nand P712m and other new hardware\n\n* various issues affecting specific HP systems, including: DL785G5\nXW4800 XW8600 XW8600 XW9400\n\n* IOMMU support, including specific issues with AMD and IBM Calgary\nhardware\n\n* the audit subsystem\n\n* DASD support\n\n* iSCSI support, including issues specific to Chelsio T3 adapters\n\n* LVM issues\n\n* SCTP management information base (MIB) support\n\n* issues with: autofs, kdump, kobject_add, libata, lpar, ptrace, and\nutrace\n\n* IBM Power platforms using Enhanced I/O Error Handling (EEH)\n\n* EDAC issues for AMD K8 and Intel i5000\n\n* ALSA, including support for new hardware\n\n* futex support\n\n* hugepage support\n\n* Intelligent Platform Management Interface (IPMI) support\n\n* issues affecting NEC/Stratus servers\n\n* OFED support\n\n* SELinux\n\n* various Virtio issues\n\nAll users are advised to upgrade to these updated packages, which\nresolve these issues and add these enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0225\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2008-5029\", \"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2009:0225\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0225\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-128.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-128.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:34", "description": "Updated kernel packages that resolve several security issues are now available for Red Hat Enterprise Linux 5.2 Extended Update Support.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update includes backported fixes for four security issues. These issues only affected users of Red Hat Enterprise Linux 5.2 Extended Update Support as they have already been addressed for users of Red Hat Enterprise Linux 5 in the 5.3 update, RHSA-2009:0225.\n\nIn accordance with the support policy, future security updates to Red Hat Enterprise Linux 5.2 Extended Update Support will only include issues of critical security impact.\n\n* when fput() was called to close a socket, the __scm_destroy() function in the Linux kernel could make indirect recursive calls to itself. This could, potentially, lead to a denial of service issue.\n(CVE-2008-5029, Important)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service. (CVE-2008-5300, Important)\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem.\nA local, unprivileged user could use the flaw to listen on the same socket more than once, possibly causing a denial of service.\n(CVE-2008-5079, Important)\n\n* a race condition was found in the Linux kernel 'inotify' watch removal and umount implementation. This could allow a local, unprivileged user to cause a privilege escalation or a denial of service. (CVE-2008-5182, Important)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. Note: for this update to take effect, the system must be rebooted.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2009:0021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5029", "CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5300"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-pae", "p-cpe:/a:redhat:enterprise_linux:kernel-pae-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5.2"], "id": "REDHAT-RHSA-2009-0021.NASL", "href": "https://www.tenable.com/plugins/nessus/63871", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0021. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63871);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\");\n script_xref(name:\"RHSA\", value:\"2009:0021\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2009:0021)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that resolve several security issues are now\navailable for Red Hat Enterprise Linux 5.2 Extended Update Support.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update includes backported fixes for four security issues. These\nissues only affected users of Red Hat Enterprise Linux 5.2 Extended\nUpdate Support as they have already been addressed for users of Red\nHat Enterprise Linux 5 in the 5.3 update, RHSA-2009:0225.\n\nIn accordance with the support policy, future security updates to Red\nHat Enterprise Linux 5.2 Extended Update Support will only include\nissues of critical security impact.\n\n* when fput() was called to close a socket, the __scm_destroy()\nfunction in the Linux kernel could make indirect recursive calls to\nitself. This could, potentially, lead to a denial of service issue.\n(CVE-2008-5029, Important)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local\ndenial of service. (CVE-2008-5300, Important)\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem.\nA local, unprivileged user could use the flaw to listen on the same\nsocket more than once, possibly causing a denial of service.\n(CVE-2008-5079, Important)\n\n* a race condition was found in the Linux kernel 'inotify' watch\nremoval and umount implementation. This could allow a local,\nunprivileged user to cause a privilege escalation or a denial of\nservice. (CVE-2008-5182, Important)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Note: for this update to\ntake effect, the system must be rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-5029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-5079.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-5182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-5300.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2009-0021.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", reference:\"kernel-doc-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-92.1.24.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-92.1.24.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:07", "description": "Hugo Dias discovered that the ATM subsystem did not correctly manage socket counts. A local attacker could exploit this to cause a system hang, leading to a denial of service. (CVE-2008-5079)\n\nIt was discovered that the inotify subsystem contained watch removal race conditions. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-5182)\n\nDann Frazier discovered that in certain situations sendmsg did not correctly release allocated memory. A local attacker could exploit this to force the system to run out of free memory, leading to a denial of service. (CVE-2008-5300)\n\nHelge Deller discovered that PA-RISC stack unwinding was not handled correctly. A local attacker could exploit this to crash the system, leading do a denial of service. This did not affect official Ubuntu kernels, but was fixed in the source for anyone performing HPPA kernel builds. (CVE-2008-5395)\n\nIt was discovered that the ATA subsystem did not correctly set timeouts. A local attacker could exploit this to cause a system hang, leading to a denial of service. (CVE-2008-5700)\n\nIt was discovered that the ib700 watchdog timer did not correctly check buffer sizes. A local attacker could send a specially crafted ioctl to the device to cause a system crash, leading to a denial of service. (CVE-2008-5702).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Ubuntu 8.10 : linux vulnerabilities (USN-715-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5300", "CVE-2008-5395", "CVE-2008-5700", "CVE-2008-5702"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.27", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.27", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-715-1.NASL", "href": "https://www.tenable.com/plugins/nessus/36279", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-715-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36279);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\", \"CVE-2008-5395\", \"CVE-2008-5700\", \"CVE-2008-5702\");\n script_bugtraq_id(32676, 33503);\n script_xref(name:\"USN\", value:\"715-1\");\n\n script_name(english:\"Ubuntu 8.10 : linux vulnerabilities (USN-715-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Hugo Dias discovered that the ATM subsystem did not correctly manage\nsocket counts. A local attacker could exploit this to cause a system\nhang, leading to a denial of service. (CVE-2008-5079)\n\nIt was discovered that the inotify subsystem contained watch removal\nrace conditions. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2008-5182)\n\nDann Frazier discovered that in certain situations sendmsg did not\ncorrectly release allocated memory. A local attacker could exploit\nthis to force the system to run out of free memory, leading to a\ndenial of service. (CVE-2008-5300)\n\nHelge Deller discovered that PA-RISC stack unwinding was not handled\ncorrectly. A local attacker could exploit this to crash the system,\nleading do a denial of service. This did not affect official Ubuntu\nkernels, but was fixed in the source for anyone performing HPPA kernel\nbuilds. (CVE-2008-5395)\n\nIt was discovered that the ATA subsystem did not correctly set\ntimeouts. A local attacker could exploit this to cause a system hang,\nleading to a denial of service. (CVE-2008-5700)\n\nIt was discovered that the ib700 watchdog timer did not correctly\ncheck buffer sizes. A local attacker could send a specially crafted\nioctl to the device to cause a system crash, leading to a denial of\nservice. (CVE-2008-5702).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/715-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(119, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.27\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2021 Canonical, Inc. / NASL script (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\", \"CVE-2008-5395\", \"CVE-2008-5700\", \"CVE-2008-5702\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-715-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-doc-2.6.27\", pkgver:\"2.6.27-11.27\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-11\", pkgver:\"2.6.27-11.27\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-11-generic\", pkgver:\"2.6.27-11.27\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-11-server\", pkgver:\"2.6.27-11.27\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-11-generic\", pkgver:\"2.6.27-11.27\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-11-server\", pkgver:\"2.6.27-11.27\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-11-virtual\", pkgver:\"2.6.27-11.27\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.27-11.27\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-source-2.6.27\", pkgver:\"2.6.27-11.27\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc-2.6.27 / linux-headers-2.6 / linux-headers-2.6-generic / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:44:30", "description": "Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update addresses the following security issues :\n\n* the sendmsg() function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service. (CVE-2008-5300, Important)\n\n* when fput() was called to close a socket, the __scm_destroy() function in the Linux kernel could make indirect recursive calls to itself. This could, potentially, lead to a local denial of service.\n(CVE-2008-5029, Important)\n\n* a deficiency was found in the Linux kernel virtual file system (VFS) implementation. This could allow a local, unprivileged user to make a series of file creations within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)\n\n* a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog timer driver. This deficiency could lead to a possible information leak. By default, the '/dev/watchdog' device is accessible only to the root user. (CVE-2008-5702, Low)\n\n* the hfs and hfsplus file systems code failed to properly handle corrupted data structures. This could, potentially, lead to a local denial of service. (CVE-2008-4933, CVE-2008-5025, Low)\n\n* a flaw was found in the hfsplus file system implementation. This could, potentially, lead to a local denial of service when write operations were performed. (CVE-2008-4934, Low)\n\nThis update also fixes the following bugs :\n\n* when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running Intel(r) CPUs, the cpuspeed daemon did not run, preventing the CPU speed from being changed, such as not being reduced to an idle state when not in use.\n\n* mmap() could be used to gain access to beyond the first megabyte of RAM, due to insufficient checks in the Linux kernel code. Checks have been added to prevent this.\n\n* attempting to turn keyboard LEDs on and off rapidly on keyboards with slow keyboard controllers, may have caused key presses to fail.\n\n* after migrating a hypervisor guest, the MAC address table was not updated, causing packet loss and preventing network connections to the guest. Now, a gratuitous ARP request is sent after migration. This refreshes the ARP caches, minimizing network downtime.\n\n* writing crash dumps with diskdump may have caused a kernel panic on Non-Uniform Memory Access (NUMA) systems with certain memory configurations.\n\n* on big-endian systems, such as PowerPC, the getsockopt() function incorrectly returned 0 depending on the parameters passed to it when the time to live (TTL) value equaled 255, possibly causing memory corruption and application crashes.\n\n* a problem in the kernel packages provided by the RHSA-2008:0508 advisory caused the Linux kernel's built-in memory copy procedure to return the wrong error code after recovering from a page fault on AMD64 and Intel 64 systems. This may have caused other Linux kernel functions to return wrong error codes.\n\n* a divide-by-zero bug in the Linux kernel process scheduler, which may have caused kernel panics on certain systems, has been resolved.\n\n* the netconsole kernel module caused the Linux kernel to hang when slave interfaces of bonded network interfaces were started, resulting in a system hang or kernel panic when restarting the network.\n\n* the '/proc/xen/' directory existed even if systems were not running Red Hat Virtualization. This may have caused problems for third-party software that checks virtualization-ability based on the existence of '/proc/xen/'. Note: this update will remove the '/proc/xen/' directory on systems not running Red Hat Virtualization.\n\nAll Red Hat Enterprise Linux 4 users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 4 : kernel (CESA-2009:0014)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3275", "CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5029", "CVE-2008-5300", "CVE-2008-5702"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-hugemem", "p-cpe:/a:centos:centos:kernel-hugemem-devel", "p-cpe:/a:centos:centos:kernel-largesmp", "p-cpe:/a:centos:centos:kernel-largesmp-devel", "p-cpe:/a:centos:centos:kernel-smp", "p-cpe:/a:centos:centos:kernel-smp-devel", "p-cpe:/a:centos:centos:kernel-xenu", "p-cpe:/a:centos:centos:kernel-xenu-devel", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2009-0014.NASL", "href": "https://www.tenable.com/plugins/nessus/43727", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0014 and \n# CentOS Errata and Security Advisory 2009:0014 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43727);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-3275\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2008-5702\");\n script_bugtraq_id(30647, 32093, 32154, 32289);\n script_xref(name:\"RHSA\", value:\"2009:0014\");\n\n script_name(english:\"CentOS 4 : kernel (CESA-2009:0014)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that resolve several security issues and fix\nvarious bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues :\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local\ndenial of service. (CVE-2008-5300, Important)\n\n* when fput() was called to close a socket, the __scm_destroy()\nfunction in the Linux kernel could make indirect recursive calls to\nitself. This could, potentially, lead to a local denial of service.\n(CVE-2008-5029, Important)\n\n* a deficiency was found in the Linux kernel virtual file system (VFS)\nimplementation. This could allow a local, unprivileged user to make a\nseries of file creations within deleted directories, possibly causing\na denial of service. (CVE-2008-3275, Moderate)\n\n* a buffer underflow flaw was found in the Linux kernel IB700 SBC\nwatchdog timer driver. This deficiency could lead to a possible\ninformation leak. By default, the '/dev/watchdog' device is accessible\nonly to the root user. (CVE-2008-5702, Low)\n\n* the hfs and hfsplus file systems code failed to properly handle\ncorrupted data structures. This could, potentially, lead to a local\ndenial of service. (CVE-2008-4933, CVE-2008-5025, Low)\n\n* a flaw was found in the hfsplus file system implementation. This\ncould, potentially, lead to a local denial of service when write\noperations were performed. (CVE-2008-4934, Low)\n\nThis update also fixes the following bugs :\n\n* when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems\nrunning Intel(r) CPUs, the cpuspeed daemon did not run, preventing the\nCPU speed from being changed, such as not being reduced to an idle\nstate when not in use.\n\n* mmap() could be used to gain access to beyond the first megabyte of\nRAM, due to insufficient checks in the Linux kernel code. Checks have\nbeen added to prevent this.\n\n* attempting to turn keyboard LEDs on and off rapidly on keyboards\nwith slow keyboard controllers, may have caused key presses to fail.\n\n* after migrating a hypervisor guest, the MAC address table was not\nupdated, causing packet loss and preventing network connections to the\nguest. Now, a gratuitous ARP request is sent after migration. This\nrefreshes the ARP caches, minimizing network downtime.\n\n* writing crash dumps with diskdump may have caused a kernel panic on\nNon-Uniform Memory Access (NUMA) systems with certain memory\nconfigurations.\n\n* on big-endian systems, such as PowerPC, the getsockopt() function\nincorrectly returned 0 depending on the parameters passed to it when\nthe time to live (TTL) value equaled 255, possibly causing memory\ncorruption and application crashes.\n\n* a problem in the kernel packages provided by the RHSA-2008:0508\nadvisory caused the Linux kernel's built-in memory copy procedure to\nreturn the wrong error code after recovering from a page fault on\nAMD64 and Intel 64 systems. This may have caused other Linux kernel\nfunctions to return wrong error codes.\n\n* a divide-by-zero bug in the Linux kernel process scheduler, which\nmay have caused kernel panics on certain systems, has been resolved.\n\n* the netconsole kernel module caused the Linux kernel to hang when\nslave interfaces of bonded network interfaces were started, resulting\nin a system hang or kernel panic when restarting the network.\n\n* the '/proc/xen/' directory existed even if systems were not running\nRed Hat Virtualization. This may have caused problems for third-party\nsoftware that checks virtualization-ability based on the existence of\n'/proc/xen/'. Note: this update will remove the '/proc/xen/' directory\non systems not running Red Hat Virtualization.\n\nAll Red Hat Enterprise Linux 4 users should upgrade to these updated\npackages, which contain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-January/015556.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9713ddeb\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-January/015557.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84bc83a7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-devel-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-doc-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-doc-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-xenU-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-78.0.13.EL\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:38:57", "description": "From Red Hat Security Advisory 2009:0014 :\n\nUpdated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update addresses the following security issues :\n\n* the sendmsg() function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service. (CVE-2008-5300, Important)\n\n* when fput() was called to close a socket, the __scm_destroy() function in the Linux kernel could make indirect recursive calls to itself. This could, potentially, lead to a local denial of service.\n(CVE-2008-5029, Important)\n\n* a deficiency was found in the Linux kernel virtual file system (VFS) implementation. This could allow a local, unprivileged user to make a series of file creations within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)\n\n* a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog timer driver. This deficiency could lead to a possible information leak. By default, the '/dev/watchdog' device is accessible only to the root user. (CVE-2008-5702, Low)\n\n* the hfs and hfsplus file systems code failed to properly handle corrupted data structures. This could, potentially, lead to a local denial of service. (CVE-2008-4933, CVE-2008-5025, Low)\n\n* a flaw was found in the hfsplus file system implementation. This could, potentially, lead to a local denial of service when write operations were performed. (CVE-2008-4934, Low)\n\nThis update also fixes the following bugs :\n\n* when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running Intel(r) CPUs, the cpuspeed daemon did not run, preventing the CPU speed from being changed, such as not being reduced to an idle state when not in use.\n\n* mmap() could be used to gain access to beyond the first megabyte of RAM, due to insufficient checks in the Linux kernel code. Checks have been added to prevent this.\n\n* attempting to turn keyboard LEDs on and off rapidly on keyboards with slow keyboard controllers, may have caused key presses to fail.\n\n* after migrating a hypervisor guest, the MAC address table was not updated, causing packet loss and preventing network connections to the guest. Now, a gratuitous ARP request is sent after migration. This refreshes the ARP caches, minimizing network downtime.\n\n* writing crash dumps with diskdump may have caused a kernel panic on Non-Uniform Memory Access (NUMA) systems with certain memory configurations.\n\n* on big-endian systems, such as PowerPC, the getsockopt() function incorrectly returned 0 depending on the parameters passed to it when the time to live (TTL) value equaled 255, possibly causing memory corruption and application crashes.\n\n* a problem in the kernel packages provided by the RHSA-2008:0508 advisory caused the Linux kernel's built-in memory copy procedure to return the wrong error code after recovering from a page fault on AMD64 and Intel 64 systems. This may have caused other Linux kernel functions to return wrong error codes.\n\n* a divide-by-zero bug in the Linux kernel process scheduler, which may have caused kernel panics on certain systems, has been resolved.\n\n* the netconsole kernel module caused the Linux kernel to hang when slave interfaces of bonded network interfaces were started, resulting in a system hang or kernel panic when restarting the network.\n\n* the '/proc/xen/' directory existed even if systems were not running Red Hat Virtualization. This may have caused problems for third-party software that checks virtualization-ability based on the existence of '/proc/xen/'. Note: this update will remove the '/proc/xen/' directory on systems not running Red Hat Virtualization.\n\nAll Red Hat Enterprise Linux 4 users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : kernel (ELSA-2009-0014)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3275", "CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5029", "CVE-2008-5300", "CVE-2008-5702"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-hugemem", "p-cpe:/a:oracle:linux:kernel-hugemem-devel", "p-cpe:/a:oracle:linux:kernel-largesmp", "p-cpe:/a:oracle:linux:kernel-largesmp-devel", "p-cpe:/a:oracle:linux:kernel-smp", "p-cpe:/a:oracle:linux:kernel-smp-devel", "p-cpe:/a:oracle:linux:kernel-xenu", "p-cpe:/a:oracle:linux:kernel-xenu-devel", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2009-0014.NASL", "href": "https://www.tenable.com/plugins/nessus/67790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0014 and \n# Oracle Linux Security Advisory ELSA-2009-0014 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67790);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2008-3275\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2008-5702\");\n script_bugtraq_id(30647, 32093, 32154, 32289);\n script_xref(name:\"RHSA\", value:\"2009:0014\");\n\n script_name(english:\"Oracle Linux 4 : kernel (ELSA-2009-0014)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0014 :\n\nUpdated kernel packages that resolve several security issues and fix\nvarious bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues :\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local\ndenial of service. (CVE-2008-5300, Important)\n\n* when fput() was called to close a socket, the __scm_destroy()\nfunction in the Linux kernel could make indirect recursive calls to\nitself. This could, potentially, lead to a local denial of service.\n(CVE-2008-5029, Important)\n\n* a deficiency was found in the Linux kernel virtual file system (VFS)\nimplementation. This could allow a local, unprivileged user to make a\nseries of file creations within deleted directories, possibly causing\na denial of service. (CVE-2008-3275, Moderate)\n\n* a buffer underflow flaw was found in the Linux kernel IB700 SBC\nwatchdog timer driver. This deficiency could lead to a possible\ninformation leak. By default, the '/dev/watchdog' device is accessible\nonly to the root user. (CVE-2008-5702, Low)\n\n* the hfs and hfsplus file systems code failed to properly handle\ncorrupted data structures. This could, potentially, lead to a local\ndenial of service. (CVE-2008-4933, CVE-2008-5025, Low)\n\n* a flaw was found in the hfsplus file system implementation. This\ncould, potentially, lead to a local denial of service when write\noperations were performed. (CVE-2008-4934, Low)\n\nThis update also fixes the following bugs :\n\n* when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems\nrunning Intel(r) CPUs, the cpuspeed daemon did not run, preventing the\nCPU speed from being changed, such as not being reduced to an idle\nstate when not in use.\n\n* mmap() could be used to gain access to beyond the first megabyte of\nRAM, due to insufficient checks in the Linux kernel code. Checks have\nbeen added to prevent this.\n\n* attempting to turn keyboard LEDs on and off rapidly on keyboards\nwith slow keyboard controllers, may have caused key presses to fail.\n\n* after migrating a hypervisor guest, the MAC address table was not\nupdated, causing packet loss and preventing network connections to the\nguest. Now, a gratuitous ARP request is sent after migration. This\nrefreshes the ARP caches, minimizing network downtime.\n\n* writing crash dumps with diskdump may have caused a kernel panic on\nNon-Uniform Memory Access (NUMA) systems with certain memory\nconfigurations.\n\n* on big-endian systems, such as PowerPC, the getsockopt() function\nincorrectly returned 0 depending on the parameters passed to it when\nthe time to live (TTL) value equaled 255, possibly causing memory\ncorruption and application crashes.\n\n* a problem in the kernel packages provided by the RHSA-2008:0508\nadvisory caused the Linux kernel's built-in memory copy procedure to\nreturn the wrong error code after recovering from a page fault on\nAMD64 and Intel 64 systems. This may have caused other Linux kernel\nfunctions to return wrong error codes.\n\n* a divide-by-zero bug in the Linux kernel process scheduler, which\nmay have caused kernel panics on certain systems, has been resolved.\n\n* the netconsole kernel module caused the Linux kernel to hang when\nslave interfaces of bonded network interfaces were started, resulting\nin a system hang or kernel panic when restarting the network.\n\n* the '/proc/xen/' directory existed even if systems were not running\nRed Hat Virtualization. This may have caused problems for third-party\nsoftware that checks virtualization-ability based on the existence of\n'/proc/xen/'. Note: this update will remove the '/proc/xen/' directory\non systems not running Red Hat Virtualization.\n\nAll Red Hat Enterprise Linux 4 users should upgrade to these updated\npackages, which contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-January/000864.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2008-3275\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2008-5702\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2009-0014\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-devel-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-devel-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-doc-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-doc-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"kernel-largesmp-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"kernel-largesmp-devel-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-78.0.13.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-78.0.13.0.1.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:09", "description": "This update addresses the following security issues :\n\n - the sendmsg() function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service.\n (CVE-2008-5300, Important)\n\n - when fput() was called to close a socket, the\n __scm_destroy() function in the Linux kernel could make indirect recursive calls to itself. This could, potentially, lead to a local denial of service.\n (CVE-2008-5029, Important)\n\n - a deficiency was found in the Linux kernel virtual file system (VFS) implementation. This could allow a local, unprivileged user to make a series of file creations within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)\n\n - a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog timer driver. This deficiency could lead to a possible information leak. By default, the '/dev/watchdog' device is accessible only to the root user. (CVE-2008-5702, Low)\n\n - the hfs and hfsplus file systems code failed to properly handle corrupted data structures. This could, potentially, lead to a local denial of service.\n (CVE-2008-4933, CVE-2008-5025, Low)\n\n - a flaw was found in the hfsplus file system implementation. This could, potentially, lead to a local denial of service when write operations were performed.\n (CVE-2008-4934, Low)\n\nThis update also fixes the following bugs :\n\n - when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running Intel&reg; CPUs, the cpuspeed daemon did not run, preventing the CPU speed from being changed, such as not being reduced to an idle state when not in use.\n\n - mmap() could be used to gain access to beyond the first megabyte of RAM, due to insufficient checks in the Linux kernel code. Checks have been added to prevent this.\n\n - attempting to turn keyboard LEDs on and off rapidly on keyboards with slow keyboard controllers, may have caused key presses to fail.\n\n - after migrating a hypervisor guest, the MAC address table was not updated, causing packet loss and preventing network connections to the guest. Now, a gratuitous ARP request is sent after migration. This refreshes the ARP caches, minimizing network downtime.\n\n - writing crash dumps with diskdump may have caused a kernel panic on Non-Uniform Memory Access (NUMA) systems with certain memory configurations.\n\n - on big-endian systems, such as PowerPC, the getsockopt() function incorrectly returned 0 depending on the parameters passed to it when the time to live (TTL) value equaled 255, possibly causing memory corruption and application crashes.\n\n - a problem in the kernel packages provided by the RHSA-2008:0508 advisory caused the Linux kernel's built-in memory copy procedure to return the wrong error code after recovering from a page fault on AMD64 and Intel 64 systems. This may have caused other Linux kernel functions to return wrong error codes.\n\n - a divide-by-zero bug in the Linux kernel process scheduler, which may have caused kernel panics on certain systems, has been resolved.\n\n - the netconsole kernel module caused the Linux kernel to hang when slave interfaces of bonded network interfaces were started, resulting in a system hang or kernel panic when restarting the network.\n\n - the '/proc/xen/' directory existed even if systems were not running Red Hat Virtualization. This may have caused problems for third-party software that checks virtualization-ability based on the existence of '/proc/xen/'. Note: this update will remove the '/proc/xen/' directory on systems not running Red Hat Virtualization.\n\nThis updated kernel-utils package adds an enhancement in the way of proper support for user-space frequency-scaling on multi-core systems.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL4.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3275", "CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5029", "CVE-2008-5300", "CVE-2008-5702"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090114_KERNEL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60520", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60520);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3275\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2008-5702\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following security issues :\n\n - the sendmsg() function in the Linux kernel did not block\n during UNIX socket garbage collection. This could,\n potentially, lead to a local denial of service.\n (CVE-2008-5300, Important)\n\n - when fput() was called to close a socket, the\n __scm_destroy() function in the Linux kernel could make\n indirect recursive calls to itself. This could,\n potentially, lead to a local denial of service.\n (CVE-2008-5029, Important)\n\n - a deficiency was found in the Linux kernel virtual file\n system (VFS) implementation. This could allow a local,\n unprivileged user to make a series of file creations\n within deleted directories, possibly causing a denial of\n service. (CVE-2008-3275, Moderate)\n\n - a buffer underflow flaw was found in the Linux kernel\n IB700 SBC watchdog timer driver. This deficiency could\n lead to a possible information leak. By default, the\n '/dev/watchdog' device is accessible only to the root\n user. (CVE-2008-5702, Low)\n\n - the hfs and hfsplus file systems code failed to properly\n handle corrupted data structures. This could,\n potentially, lead to a local denial of service.\n (CVE-2008-4933, CVE-2008-5025, Low)\n\n - a flaw was found in the hfsplus file system\n implementation. This could, potentially, lead to a local\n denial of service when write operations were performed.\n (CVE-2008-4934, Low)\n\nThis update also fixes the following bugs :\n\n - when running Red Hat Enterprise Linux 4.6 and 4.7 on\n some systems running Intel&reg; CPUs, the cpuspeed\n daemon did not run, preventing the CPU speed from being\n changed, such as not being reduced to an idle state when\n not in use.\n\n - mmap() could be used to gain access to beyond the first\n megabyte of RAM, due to insufficient checks in the Linux\n kernel code. Checks have been added to prevent this.\n\n - attempting to turn keyboard LEDs on and off rapidly on\n keyboards with slow keyboard controllers, may have\n caused key presses to fail.\n\n - after migrating a hypervisor guest, the MAC address\n table was not updated, causing packet loss and\n preventing network connections to the guest. Now, a\n gratuitous ARP request is sent after migration. This\n refreshes the ARP caches, minimizing network downtime.\n\n - writing crash dumps with diskdump may have caused a\n kernel panic on Non-Uniform Memory Access (NUMA) systems\n with certain memory configurations.\n\n - on big-endian systems, such as PowerPC, the getsockopt()\n function incorrectly returned 0 depending on the\n parameters passed to it when the time to live (TTL)\n value equaled 255, possibly causing memory corruption\n and application crashes.\n\n - a problem in the kernel packages provided by the\n RHSA-2008:0508 advisory caused the Linux kernel's\n built-in memory copy procedure to return the wrong error\n code after recovering from a page fault on AMD64 and\n Intel 64 systems. This may have caused other Linux\n kernel functions to return wrong error codes.\n\n - a divide-by-zero bug in the Linux kernel process\n scheduler, which may have caused kernel panics on\n certain systems, has been resolved.\n\n - the netconsole kernel module caused the Linux kernel to\n hang when slave interfaces of bonded network interfaces\n were started, resulting in a system hang or kernel panic\n when restarting the network.\n\n - the '/proc/xen/' directory existed even if systems were\n not running Red Hat Virtualization. This may have caused\n problems for third-party software that checks\n virtualization-ability based on the existence of\n '/proc/xen/'. Note: this update will remove the\n '/proc/xen/' directory on systems not running Red Hat\n Virtualization.\n\nThis updated kernel-utils package adds an enhancement in the way of\nproper support for user-space frequency-scaling on multi-core systems.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0901&L=scientific-linux-errata&T=0&P=1314\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?630aef0c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"kernel-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-devel-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-doc-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-devel-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-utils-2.4-14.1.117.2.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-2.6.9-78.0.13.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-devel-2.6.9-78.0.13.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:14:15", "description": "Hugo Dias discovered that the ATM subsystem did not correctly manage socket counts. A local attacker could exploit this to cause a system hang, leading to a denial of service. (CVE-2008-5079)\n\nIt was discovered that the libertas wireless driver did not correctly handle beacon and probe responses. A physically near-by attacker could generate specially crafted wireless network traffic and cause a denial of service. Ubuntu 6.06 was not affected. (CVE-2008-5134)\n\nIt was discovered that the inotify subsystem contained watch removal race conditions. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-5182)\n\nDann Frazier discovered that in certain situations sendmsg did not correctly release allocated memory. A local attacker could exploit this to force the system to run out of free memory, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2008-5300)\n\nIt was discovered that the ATA subsystem did not correctly set timeouts. A local attacker could exploit this to cause a system hang, leading to a denial of service. (CVE-2008-5700)\n\nIt was discovered that the ib700 watchdog timer did not correctly check buffer sizes. A local attacker could send a specially crafted ioctl to the device to cause a system crash, leading to a denial of service. (CVE-2008-5702)\n\nIt was discovered that in certain situations the network scheduler did not correctly handle very large levels of traffic. A local attacker could produce a high volume of UDP traffic resulting in a system hang, leading to a denial of service. Ubuntu 8.04 was not affected.\n(CVE-2008-5713).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : linux-source-2.6.15/22, linux vulnerabilities (USN-714-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5079", "CVE-2008-5134", "CVE-2008-5182", "CVE-2008-5300", "CVE-2008-5700", "CVE-2008-5702", "CVE-2008-5713"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.22", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ume", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-cell", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ume", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.22", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-714-1.NASL", "href": "https://www.tenable.com/plugins/nessus/36454", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-714-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36454);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-5079\", \"CVE-2008-5134\", \"CVE-2008-5182\", \"CVE-2008-5300\", \"CVE-2008-5700\", \"CVE-2008-5702\", \"CVE-2008-5713\");\n script_bugtraq_id(32676);\n script_xref(name:\"USN\", value:\"714-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : linux-source-2.6.15/22, linux vulnerabilities (USN-714-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Hugo Dias discovered that the ATM subsystem did not correctly manage\nsocket counts. A local attacker could exploit this to cause a system\nhang, leading to a denial of service. (CVE-2008-5079)\n\nIt was discovered that the libertas wireless driver did not correctly\nhandle beacon and probe responses. A physically near-by attacker could\ngenerate specially crafted wireless network traffic and cause a denial\nof service. Ubuntu 6.06 was not affected. (CVE-2008-5134)\n\nIt was discovered that the inotify subsystem contained watch removal\nrace conditions. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2008-5182)\n\nDann Frazier discovered that in certain situations sendmsg did not\ncorrectly release allocated memory. A local attacker could exploit\nthis to force the system to run out of free memory, leading to a\ndenial of service. Ubuntu 6.06 was not affected. (CVE-2008-5300)\n\nIt was discovered that the ATA subsystem did not correctly set\ntimeouts. A local attacker could exploit this to cause a system hang,\nleading to a denial of service. (CVE-2008-5700)\n\nIt was discovered that the ib700 watchdog timer did not correctly\ncheck buffer sizes. A local attacker could send a specially crafted\nioctl to the device to cause a system crash, leading to a denial of\nservice. (CVE-2008-5702)\n\nIt was discovered that in certain situations the network scheduler did\nnot correctly handle very large levels of traffic. A local attacker\ncould produce a high volume of UDP traffic resulting in a system hang,\nleading to a denial of service. Ubuntu 8.04 was not affected.\n(CVE-2008-5713).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/714-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(119, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ume\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-cell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ume\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2021 Canonical, Inc. / NASL script (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2008-5079\", \"CVE-2008-5134\", \"CVE-2008-5182\", \"CVE-2008-5300\", \"CVE-2008-5700\", \"CVE-2008-5702\", \"CVE-2008-5713\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-714-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-doc-2.6.15\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-53\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-53-386\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-53-686\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-53-amd64-generic\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-53-amd64-k8\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-53-amd64-server\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-53-amd64-xeon\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-53-server\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-53-386\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-53-686\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-53-amd64-generic\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-53-amd64-k8\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-53-amd64-server\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-53-amd64-xeon\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-53-server\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-source-2.6.15\", pkgver:\"2.6.15-53.75\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-doc-2.6.22\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-386\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-generic\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-rt\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-server\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-ume\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-virtual\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-xen\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-386\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-cell\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-generic\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-lpia\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-lpiacompat\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-rt\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-server\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-ume\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-virtual\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-xen\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-386\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-generic\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-server\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-virtual\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-source-2.6.22\", pkgver:\"2.6.22-16.61\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-doc-2.6.24\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-386\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-generic\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-openvz\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-rt\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-server\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-virtual\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-xen\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-386\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-generic\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-lpia\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-lpiacompat\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-openvz\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-rt\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-server\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-virtual\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-xen\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-386\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-generic\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-server\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-virtual\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.24-23.48\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-source-2.6.24\", pkgver:\"2.6.24-23.48\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc-2.6.15 / linux-doc-2.6.22 / linux-doc-2.6.24 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:19", "description": "Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update addresses the following security issues :\n\n* the sendmsg() function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service. (CVE-2008-5300, Important)\n\n* when fput() was called to close a socket, the __scm_destroy() function in the Linux kernel could make indirect recursive calls to itself. This could, potentially, lead to a local denial of service.\n(CVE-2008-5029, Important)\n\n* a deficiency was found in the Linux kernel virtual file system (VFS) implementation. This could allow a local, unprivileged user to make a series of file creations within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)\n\n* a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog timer driver. This deficiency could lead to a possible information leak. By default, the '/dev/watchdog' device is accessible only to the root user. (CVE-2008-5702, Low)\n\n* the hfs and hfsplus file systems code failed to properly handle corrupted data structures. This could, potentially, lead to a local denial of service. (CVE-2008-4933, CVE-2008-5025, Low)\n\n* a flaw was found in the hfsplus file system implementation. This could, potentially, lead to a local denial of service when write operations were performed. (CVE-2008-4934, Low)\n\nThis update also fixes the following bugs :\n\n* when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running Intel(r) CPUs, the cpuspeed daemon did not run, preventing the CPU speed from being changed, such as not being reduced to an idle state when not in use.\n\n* mmap() could be used to gain access to beyond the first megabyte of RAM, due to insufficient checks in the Linux kernel code. Checks have been added to prevent this.\n\n* attempting to turn keyboard LEDs on and off rapidly on keyboards with slow keyboard controllers, may have caused key presses to fail.\n\n* after migrating a hypervisor guest, the MAC address table was not updated, causing packet loss and preventing network connections to the guest. Now, a gratuitous ARP request is sent after migration. This refreshes the ARP caches, minimizing network downtime.\n\n* writing crash dumps with diskdump may have caused a kernel panic on Non-Uniform Memory Access (NUMA) systems with certain memory configurations.\n\n* on big-endian systems, such as PowerPC, the getsockopt() function incorrectly returned 0 depending on the parameters passed to it when the time to live (TTL) value equaled 255, possibly causing memory corruption and application crashes.\n\n* a problem in the kernel packages provided by the RHSA-2008:0508 advisory caused the Linux kernel's built-in memory copy procedure to return the wrong error code after recovering from a page fault on AMD64 and Intel 64 systems. This may have caused other Linux kernel functions to return wrong error codes.\n\n* a divide-by-zero bug in the Linux kernel process scheduler, which may have caused kernel panics on certain systems, has been resolved.\n\n* the netconsole kernel module caused the Linux kernel to hang when slave interfaces of bonded network interfaces were started, resulting in a system hang or kernel panic when restarting the network.\n\n* the '/proc/xen/' directory existed even if systems were not running Red Hat Virtualization. This may have caused problems for third-party software that checks virtualization-ability based on the existence of '/proc/xen/'. Note: this update will remove the '/proc/xen/' directory on systems not running Red Hat Virtualization.\n\nAll Red Hat Enterprise Linux 4 users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {}, "published": "2009-01-15T00:00:00", "type": "nessus", "title": "RHEL 4 : kernel (RHSA-2009:0014)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3275", "CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5029", "CVE-2008-5300", "CVE-2008-5702"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-smp", "p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xenu", "p-cpe:/a:redhat:enterprise_linux:kernel-xenu-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7"], "id": "REDHAT-RHSA-2009-0014.NASL", "href": "https://www.tenable.com/plugins/nessus/35381", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0014. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35381);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3275\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2008-5702\");\n script_bugtraq_id(30647, 32093, 32154, 32289);\n script_xref(name:\"RHSA\", value:\"2009:0014\");\n\n script_name(english:\"RHEL 4 : kernel (RHSA-2009:0014)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that resolve several security issues and fix\nvarious bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues :\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local\ndenial of service. (CVE-2008-5300, Important)\n\n* when fput() was called to close a socket, the __scm_destroy()\nfunction in the Linux kernel could make indirect recursive calls to\nitself. This could, potentially, lead to a local denial of service.\n(CVE-2008-5029, Important)\n\n* a deficiency was found in the Linux kernel virtual file system (VFS)\nimplementation. This could allow a local, unprivileged user to make a\nseries of file creations within deleted directories, possibly causing\na denial of service. (CVE-2008-3275, Moderate)\n\n* a buffer underflow flaw was found in the Linux kernel IB700 SBC\nwatchdog timer driver. This deficiency could lead to a possible\ninformation leak. By default, the '/dev/watchdog' device is accessible\nonly to the root user. (CVE-2008-5702, Low)\n\n* the hfs and hfsplus file systems code failed to properly handle\ncorrupted data structures. This could, potentially, lead to a local\ndenial of service. (CVE-2008-4933, CVE-2008-5025, Low)\n\n* a flaw was found in the hfsplus file system implementation. This\ncould, potentially, lead to a local denial of service when write\noperations were performed. (CVE-2008-4934, Low)\n\nThis update also fixes the following bugs :\n\n* when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems\nrunning Intel(r) CPUs, the cpuspeed daemon did not run, preventing the\nCPU speed from being changed, such as not being reduced to an idle\nstate when not in use.\n\n* mmap() could be used to gain access to beyond the first megabyte of\nRAM, due to insufficient checks in the Linux kernel code. Checks have\nbeen added to prevent this.\n\n* attempting to turn keyboard LEDs on and off rapidly on keyboards\nwith slow keyboard controllers, may have caused key presses to fail.\n\n* after migrating a hypervisor guest, the MAC address table was not\nupdated, causing packet loss and preventing network connections to the\nguest. Now, a gratuitous ARP request is sent after migration. This\nrefreshes the ARP caches, minimizing network downtime.\n\n* writing crash dumps with diskdump may have caused a kernel panic on\nNon-Uniform Memory Access (NUMA) systems with certain memory\nconfigurations.\n\n* on big-endian systems, such as PowerPC, the getsockopt() function\nincorrectly returned 0 depending on the parameters passed to it when\nthe time to live (TTL) value equaled 255, possibly causing memory\ncorruption and application crashes.\n\n* a problem in the kernel packages provided by the RHSA-2008:0508\nadvisory caused the Linux kernel's built-in memory copy procedure to\nreturn the wrong error code after recovering from a page fault on\nAMD64 and Intel 64 systems. This may have caused other Linux kernel\nfunctions to return wrong error codes.\n\n* a divide-by-zero bug in the Linux kernel process scheduler, which\nmay have caused kernel panics on certain systems, has been resolved.\n\n* the netconsole kernel module caused the Linux kernel to hang when\nslave interfaces of bonded network interfaces were started, resulting\nin a system hang or kernel panic when restarting the network.\n\n* the '/proc/xen/' directory existed even if systems were not running\nRed Hat Virtualization. This may have caused problems for third-party\nsoftware that checks virtualization-ability based on the existence of\n'/proc/xen/'. Note: this update will remove the '/proc/xen/' directory\non systems not running Red Hat Virtualization.\n\nAll Red Hat Enterprise Linux 4 users should upgrade to these updated\npackages, which contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0014\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2008-3275\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2008-5702\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2009:0014\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0014\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-2.6.9-78.0.13.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-devel-2.6.9-78.0.13.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-doc-2.6.9-78.0.13.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-2.6.9-78.0.13.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-devel-2.6.9-78.0.13.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-78.0.13.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-78.0.13.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-2.6.9-78.0.13.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-78.0.13.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-devel-2.6.9-78.0.13.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-78.0.13.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-2.6.9-78.0.13.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-78.0.13.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-devel-2.6.9-78.0.13.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-78.0.13.EL\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:17", "description": "CVE-2008-5029 kernel: Unix sockets kernel panic\n\nCVE-2008-5300 kernel: fix soft lockups/OOM issues with unix socket garbage collector\n\nCVE-2009-1337 kernel: exit_notify: kill the wrong capable(CAP_KILL) check\n\nCVE-2009-1385 kernel: e1000_clean_rx_irq() denial of service\n\nCVE-2009-1895 kernel: personality: fix PER_CLEAR_ON_SETID\n\nCVE-2009-2848 kernel: execve: must clear current->clear_child_tid\n\nCVE-2009-3001, CVE-2009-3002 kernel: numerous getname() infoleaks 520300 - kernel: ipv4: make ip_append_data() handle NULL routing table [rhel-3]\n\nCVE-2009-3547 kernel: fs: pipe.c NULL pointer dereference\n\nSecurity fixes :\n\n - when fput() was called to close a socket, the\n __scm_destroy() function in the Linux kernel could make indirect recursive calls to itself. This could,potentially, lead to a denial of service issue.\n (CVE-2008-5029, Important)\n\n - the sendmsg() function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service.\n (CVE-2008-5300, Important)\n\n - the exit_notify() function in the Linux kernel did not properly reset the exit signal if a process executed a set user ID (setuid) application before exiting. This could allow a local, unprivileged user to elevate their privileges. (CVE-2009-1337, Important)\n\n - a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially crafted packet that would cause a denial of service or code execution. (CVE-2009-1385, Important)\n\n - the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature.\n (CVE-2009-1895, Important)\n\n - it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)\n\n - missing initialization flaws were found in getname() implementations in the IrDA sockets, AppleTalk DDP protocol, NET/ROM protocol, and ROSE protocol implementations in the Linux kernel. Certain data structures in these getname() implementations were not initialized properly before being copied to user-space.\n These flaws could lead to an information leak.\n (CVE-2009-3002, Important)\n\n - a NULL pointer dereference flaw was found in each of the following functions in the Linux kernel:\n pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation. (CVE-2009-3547, Important)\n\nBug fixes :\n\n - this update adds the mmap_min_addr tunable and restriction checks to help prevent unprivileged users from creating new memory mappings below the minimum address. This can help prevent the exploitation of NULL pointer dereference bugs. Note that mmap_min_addr is set to zero (disabled) by default for backwards compatibility. (BZ#512642)\n\n - a bridge reference count problem in IPv6 has been fixed.\n (BZ#457010)\n\n - enforce null-termination of user-supplied arguments to setsockopt(). (BZ#505514)\n\n - the gcc flag '-fno-delete-null-pointer-checks' was added to the kernel build options. This prevents gcc from optimizing out NULL pointer checks after the first use of a pointer. NULL pointer bugs are often exploited by attackers. Keeping these checks is a safety measure.\n (BZ#511185)\n\n - a check has been added to the IPv4 code to make sure that rt is not NULL, to help prevent future bugs in functions that call ip_append_data() from being exploitable. (BZ#520300)\n\nThe system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL3.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5029", "CVE-2008-5300", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1895", "CVE-2009-2848", "CVE-2009-3001", "CVE-2009-3002", "CVE-2009-3547"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20091103_KERNEL_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60688", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60688);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1895\", \"CVE-2009-2848\", \"CVE-2009-3001\", \"CVE-2009-3002\", \"CVE-2009-3547\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL3.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2008-5029 kernel: Unix sockets kernel panic\n\nCVE-2008-5300 kernel: fix soft lockups/OOM issues with unix socket\ngarbage collector\n\nCVE-2009-1337 kernel: exit_notify: kill the wrong capable(CAP_KILL)\ncheck\n\nCVE-2009-1385 kernel: e1000_clean_rx_irq() denial of service\n\nCVE-2009-1895 kernel: personality: fix PER_CLEAR_ON_SETID\n\nCVE-2009-2848 kernel: execve: must clear current->clear_child_tid\n\nCVE-2009-3001, CVE-2009-3002 kernel: numerous getname() infoleaks\n520300 - kernel: ipv4: make ip_append_data() handle NULL routing table\n[rhel-3]\n\nCVE-2009-3547 kernel: fs: pipe.c NULL pointer dereference\n\nSecurity fixes :\n\n - when fput() was called to close a socket, the\n __scm_destroy() function in the Linux kernel could make\n indirect recursive calls to itself. This\n could,potentially, lead to a denial of service issue.\n (CVE-2008-5029, Important)\n\n - the sendmsg() function in the Linux kernel did not block\n during UNIX socket garbage collection. This could,\n potentially, lead to a local denial of service.\n (CVE-2008-5300, Important)\n\n - the exit_notify() function in the Linux kernel did not\n properly reset the exit signal if a process executed a\n set user ID (setuid) application before exiting. This\n could allow a local, unprivileged user to elevate their\n privileges. (CVE-2009-1337, Important)\n\n - a flaw was found in the Intel PRO/1000 network driver in\n the Linux kernel. Frames with sizes near the MTU of an\n interface may be split across multiple hardware receive\n descriptors. Receipt of such a frame could leak through\n a validation check, leading to a corruption of the\n length check. A remote attacker could use this flaw to\n send a specially crafted packet that would cause a\n denial of service or code execution. (CVE-2009-1385,\n Important)\n\n - the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not\n cleared when a setuid or setgid program was executed. A\n local, unprivileged user could use this flaw to bypass\n the mmap_min_addr protection mechanism and perform a\n NULL pointer dereference attack, or bypass the Address\n Space Layout Randomization (ASLR) security feature.\n (CVE-2009-1895, Important)\n\n - it was discovered that, when executing a new process,\n the clear_child_tid pointer in the Linux kernel is not\n cleared. If this pointer points to a writable portion of\n the memory of the new program, the kernel could corrupt\n four bytes of memory, possibly leading to a local denial\n of service or privilege escalation. (CVE-2009-2848,\n Important)\n\n - missing initialization flaws were found in getname()\n implementations in the IrDA sockets, AppleTalk DDP\n protocol, NET/ROM protocol, and ROSE protocol\n implementations in the Linux kernel. Certain data\n structures in these getname() implementations were not\n initialized properly before being copied to user-space.\n These flaws could lead to an information leak.\n (CVE-2009-3002, Important)\n\n - a NULL pointer dereference flaw was found in each of the\n following functions in the Linux kernel:\n pipe_read_open(), pipe_write_open(), and\n pipe_rdwr_open(). When the mutex lock is not held, the\n i_pipe pointer could be released by other processes\n before it is used to update the pipe's reader and writer\n counters. This could lead to a local denial of service\n or privilege escalation. (CVE-2009-3547, Important)\n\nBug fixes :\n\n - this update adds the mmap_min_addr tunable and\n restriction checks to help prevent unprivileged users\n from creating new memory mappings below the minimum\n address. This can help prevent the exploitation of NULL\n pointer dereference bugs. Note that mmap_min_addr is set\n to zero (disabled) by default for backwards\n compatibility. (BZ#512642)\n\n - a bridge reference count problem in IPv6 has been fixed.\n (BZ#457010)\n\n - enforce null-termination of user-supplied arguments to\n setsockopt(). (BZ#505514)\n\n - the gcc flag '-fno-delete-null-pointer-checks' was added\n to the kernel build options. This prevents gcc from\n optimizing out NULL pointer checks after the first use\n of a pointer. NULL pointer bugs are often exploited by\n attackers. Keeping these checks is a safety measure.\n (BZ#511185)\n\n - a check has been added to the IPv4 code to make sure\n that rt is not NULL, to help prevent future bugs in\n functions that call ip_append_data() from being\n exploitable. (BZ#520300)\n\nThe system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=457010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=505514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=511185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=520300\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0911&L=scientific-linux-errata&T=0&P=599\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f8d1106\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 189, 200, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"kernel-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"SL3\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"kernel-doc-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"SL3\", cpu:\"i386\", reference:\"kernel-hugemem-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"SL3\", cpu:\"i386\", reference:\"kernel-hugemem-unsupported-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"kernel-smp-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"kernel-smp-unsupported-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"kernel-source-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"kernel-unsupported-2.4.21-63.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:48:38", "description": "a. Service Console update for COS kernel\n\n The service console package kernel is updated to version 2.4.21-63.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5029, CVE-2008-5300, CVE-2009-1337, CVE-2009-1385, CVE-2009-1895, CVE-2009-2848, CVE-2009-3002, and CVE-2009-3547 to the security issues fixed in kernel-2.4.21-63.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2698, CVE-2009-2692 to the security issues fixed in kernel-2.4.21-60.", "cvss3": {}, "published": "2010-06-28T00:00:00", "type": "nessus", "title": "VMSA-2010-0010 : ESX 3.5 third-party update for Service Console kernel", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5029", "CVE-2008-5300", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1895", "CVE-2009-2692", "CVE-2009-2698", "CVE-2009-2848", "CVE-2009-3002", "CVE-2009-3547"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:3.5"], "id": "VMWARE_VMSA-2010-0010.NASL", "href": "https://www.tenable.com/plugins/nessus/47150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2010-0010. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47150);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1895\", \"CVE-2009-2692\", \"CVE-2009-2698\", \"CVE-2009-2848\", \"CVE-2009-3002\", \"CVE-2009-3547\");\n script_bugtraq_id(32154, 34405, 35185, 35647, 35930, 36038, 36108, 36176, 36901);\n script_xref(name:\"VMSA\", value:\"2010-0010\");\n\n script_name(english:\"VMSA-2010-0010 : ESX 3.5 third-party update for Service Console kernel\");\n script_summary(english:\"Checks esxupdate output for the patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote VMware ESX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"a. Service Console update for COS kernel\n\n The service console package kernel is updated to version 2.4.21-63.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-5029, CVE-2008-5300, CVE-2009-1337,\n CVE-2009-1385, CVE-2009-1895, CVE-2009-2848, CVE-2009-3002, and\n CVE-2009-3547 to the security issues fixed in kernel-2.4.21-63.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2698, CVE-2009-2692 to the security\n issues fixed in kernel-2.4.21-60.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2010/000098.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel Sendpage Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 119, 189, 200, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2010-06-24\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 3.5.0\", patch:\"ESX350-201006401-SG\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:24", "description": "This update fixes various security issues and several bugs in the openSUSE 11.0 kernel. It was also updated to the stable version 2.6.25.20.\n\nCVE-2008-5702: Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.\n\nCVE-2008-5700: libata did not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.\n\nCVE-2008-5079: net/atm/svc.c in the ATM subsystem allowed local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.\n\nCVE-2008-5300: Linux kernel 2.6.28 allows local users to cause a denial of service ('soft lockup' and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.\n\nCVE-2008-5029: The __scm_destroy function in net/core/scm.c makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.\n\nCVE-2008-4933: Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c allowed attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function.\n\nCVE-2008-5025: Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c allowed attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.\n\nCVE-2008-5182: The inotify functionality might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.\n\nCVE-2008-3831: The i915 driver in drivers/char/drm/i915_dma.c does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.\n\nCVE-2008-4554: The do_splice_from function in fs/splice.c did not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.", "cvss3": {}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (kernel-423)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3831", "CVE-2008-4554", "CVE-2008-4933", "CVE-2008-5025", "CVE-2008-5029", "CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5300", "CVE-2008-5700", "CVE-2008-5702"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-rt", "p-cpe:/a:novell:opensuse:kernel-rt_debug", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-xen", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_KERNEL-090114.NASL", "href": "https://www.tenable.com/plugins/nessus/40011", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-423.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40011);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3831\", \"CVE-2008-4554\", \"CVE-2008-4933\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5300\", \"CVE-2008-5700\", \"CVE-2008-5702\");\n\n script_name(english:\"openSUSE Security Update : kernel (kernel-423)\");\n script_summary(english:\"Check for the kernel-423 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes various security issues and several bugs in the\nopenSUSE 11.0 kernel. It was also updated to the stable version\n2.6.25.20.\n\nCVE-2008-5702: Buffer underflow in the ibwdt_ioctl function in\ndrivers/watchdog/ib700wdt.c might allow local users to have an unknown\nimpact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.\n\nCVE-2008-5700: libata did not set minimum timeouts for SG_IO requests,\nwhich allows local users to cause a denial of service (Programmed I/O\nmode on drives) via multiple simultaneous invocations of an\nunspecified test program.\n\nCVE-2008-5079: net/atm/svc.c in the ATM subsystem allowed local users\nto cause a denial of service (kernel infinite loop) by making two\ncalls to svc_listen for the same socket, and then reading a\n/proc/net/atm/*vc file, related to corruption of the vcc table.\n\nCVE-2008-5300: Linux kernel 2.6.28 allows local users to cause a\ndenial of service ('soft lockup' and process loss) via a large number\nof sendmsg function calls, which does not block during AF_UNIX garbage\ncollection and triggers an OOM condition, a different vulnerability\nthan CVE-2008-5029.\n\nCVE-2008-5029: The __scm_destroy function in net/core/scm.c makes\nindirect recursive calls to itself through calls to the fput function,\nwhich allows local users to cause a denial of service (panic) via\nvectors related to sending an SCM_RIGHTS message through a UNIX domain\nsocket and closing file descriptors.\n\nCVE-2008-4933: Buffer overflow in the hfsplus_find_cat function in\nfs/hfsplus/catalog.c allowed attackers to cause a denial of service\n(memory corruption or system crash) via an hfsplus filesystem image\nwith an invalid catalog namelength field, related to the\nhfsplus_cat_build_key_uni function.\n\nCVE-2008-5025: Stack-based buffer overflow in the hfs_cat_find_brec\nfunction in fs/hfs/catalog.c allowed attackers to cause a denial of\nservice (memory corruption or system crash) via an hfs filesystem\nimage with an invalid catalog namelength field, a related issue to\nCVE-2008-4933.\n\nCVE-2008-5182: The inotify functionality might allow local users to\ngain privileges via unknown vectors related to race conditions in\ninotify watch removal and umount.\n\nCVE-2008-3831: The i915 driver in drivers/char/drm/i915_dma.c does not\nrestrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager\n(DRM) master, which allows local users to cause a denial of service\n(memory corruption) via a crafted ioctl call, related to absence of\nthe DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.\n\nCVE-2008-4554: The do_splice_from function in fs/splice.c did not\nreject file descriptors that have the O_APPEND flag set, which allows\nlocal users to bypass append mode and make arbitrary changes to other\nlocations in the file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=362850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=371657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=399966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=405546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=419250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=429919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=439461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=442364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=442594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=443640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=443661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=445569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=446973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=447241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=447406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=450417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=457896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=457897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=457898\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(119, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-debug-2.6.25.20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-default-2.6.25.20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-pae-2.6.25.20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-rt-2.6.25.20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-rt_debug-2.6.25.20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-source-2.6.25.20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-syms-2.6.25.20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-vanilla-2.6.25.20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-xen-2.6.25.20-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-default / kernel-pae / kernel-rt / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:47:09", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-3527 Tavis Ormandy reported a local DoS and potential privilege escalation in the Virtual Dynamic Shared Objects (vDSO) implementation.\n\n - CVE-2008-3528 Eugene Teo reported a local DoS issue in the ext2 and ext3 filesystems. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that causes the kernel to output error messages in an infinite loop.\n\n - CVE-2008-4554 Milos Szeredi reported that the usage of splice() on files opened with O_APPEND allows users to write to the file at arbitrary offsets, enabling a bypass of possible assumed semantics of the O_APPEND flag.\n\n - CVE-2008-4576 Vlad Yasevich reported an issue in the SCTP subsystem that may allow remote users to cause a local DoS by triggering a kernel oops.\n\n - CVE-2008-4933 Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that causes the kernel to overrun a buffer, resulting in a system oops or memory corruption.\n\n - CVE-2008-4934 Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that results in a kernel oops due to an unchecked return value.\n\n - CVE-2008-5025 Eric Sesterhenn reported a local DoS issue in the hfs filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a filesystem with a corrupted catalog name length, resulting in a system oops or memory corruption.\n\n - CVE-2008-5029 Andrea Bittau reported a DoS issue in the unix socket subsystem that allows a local user to cause memory corruption, resulting in a kernel panic.\n\n - CVE-2008-5079 Hugo Dias reported a DoS condition in the ATM subsystem that can be triggered by a local user by calling the svc_listen function twice on the same socket and reading /proc/net/atm/*vc.\n\n - CVE-2008-5182 Al Viro reported race conditions in the inotify subsystem that may allow local users to acquire elevated privileges.\n\n - CVE-2008-5300 Dann Frazier reported a DoS condition that allows local users to cause the out of memory handler to kill off privileged processes or trigger soft lockups due to a starvation issue in the unix socket subsystem.", "cvss3": {}, "published": "2008-12-16T00:00:00", "type": "nessus", "title": "Debian DSA-1687-1 : linux-2.6 - denial of service/privilege escalation", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3527", "CVE-2008-3528", "CVE-2008-4554", "CVE-2008-4576", "CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5029", "CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5300"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1687.NASL", "href": "https://www.tenable.com/plugins/nessus/35174", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1687. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35174);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-3527\", \"CVE-2008-3528\", \"CVE-2008-4554\", \"CVE-2008-4576\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\");\n script_bugtraq_id(31634, 31903, 32093, 32154, 32289, 32676);\n script_xref(name:\"DSA\", value:\"1687\");\n\n script_name(english:\"Debian DSA-1687-1 : linux-2.6 - denial of service/privilege escalation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-3527\n Tavis Ormandy reported a local DoS and potential\n privilege escalation in the Virtual Dynamic Shared\n Objects (vDSO) implementation.\n\n - CVE-2008-3528\n Eugene Teo reported a local DoS issue in the ext2 and\n ext3 filesystems. Local users who have been granted the\n privileges necessary to mount a filesystem would be able\n to craft a corrupted filesystem that causes the kernel\n to output error messages in an infinite loop.\n\n - CVE-2008-4554\n Milos Szeredi reported that the usage of splice() on\n files opened with O_APPEND allows users to write to the\n file at arbitrary offsets, enabling a bypass of possible\n assumed semantics of the O_APPEND flag.\n\n - CVE-2008-4576\n Vlad Yasevich reported an issue in the SCTP subsystem\n that may allow remote users to cause a local DoS by\n triggering a kernel oops.\n\n - CVE-2008-4933\n Eric Sesterhenn reported a local DoS issue in the\n hfsplus filesystem. Local users who have been granted\n the privileges necessary to mount a filesystem would be\n able to craft a corrupted filesystem that causes the\n kernel to overrun a buffer, resulting in a system oops\n or memory corruption.\n\n - CVE-2008-4934\n Eric Sesterhenn reported a local DoS issue in the\n hfsplus filesystem. Local users who have been granted\n the privileges necessary to mount a filesystem would be\n able to craft a corrupted filesystem that results in a\n kernel oops due to an unchecked return value.\n\n - CVE-2008-5025\n Eric Sesterhenn reported a local DoS issue in the hfs\n filesystem. Local users who have been granted the\n privileges necessary to mount a filesystem would be able\n to craft a filesystem with a corrupted catalog name\n length, resulting in a system oops or memory corruption.\n\n - CVE-2008-5029\n Andrea Bittau reported a DoS issue in the unix socket\n subsystem that allows a local user to cause memory\n corruption, resulting in a kernel panic.\n\n - CVE-2008-5079\n Hugo Dias reported a DoS condition in the ATM subsystem\n that can be triggered by a local user by calling the\n svc_listen function twice on the same socket and reading\n /proc/net/atm/*vc.\n\n - CVE-2008-5182\n Al Viro reported race conditions in the inotify\n subsystem that may allow local users to acquire elevated\n privileges.\n\n - CVE-2008-5300\n Dann Frazier reported a DoS condition that allows local\n users to cause the out of memory handler to kill off\n privileged processes or trigger soft lockups due to a\n starvation issue in the unix socket subsystem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1687\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6, fai-kernels, and user-mode-linux packages.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.6.18.dfsg.1-23etch1.\n\nNote: Debian 'etch' includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch' concludes.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, lower severity 2.6.18 and 2.6.24 updates will\ntypically release in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"fai-kernels\", reference:\"1.17+etch.23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-doc-2.6.18\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-486\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-686\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-686-bigmem\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-alpha\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-amd64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-arm\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-hppa\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-i386\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-ia64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-mips\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-mipsel\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-powerpc\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-s390\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-sparc\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-alpha-generic\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-alpha-legacy\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-alpha-smp\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-amd64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-footbridge\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-iop32x\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-itanium\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-ixp4xx\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-k7\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-mckinley\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc-smp\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc64-smp\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc-miboot\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc-smp\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-prep\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-qemu\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r3k-kn02\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r4k-ip22\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r4k-kn04\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r5k-cobalt\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r5k-ip32\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-rpc\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-s390\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-s390x\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-s3c2410\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sb1-bcm91250a\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sb1a-bcm91480b\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sparc32\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sparc64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sparc64-smp\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-686\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-alpha\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-amd64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-k7\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-powerpc\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-powerpc64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-s390x\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-sparc64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-vserver\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-486\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-686\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-686-bigmem\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-alpha-generic\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-alpha-legacy\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-alpha-smp\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-amd64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-footbridge\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-iop32x\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-itanium\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-ixp4xx\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-k7\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-mckinley\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc-smp\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc64-smp\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc-miboot\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc-smp\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-prep\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-qemu\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r3k-kn02\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r4k-ip22\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r4k-kn04\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r5k-cobalt\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r5k-ip32\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-rpc\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s390\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s390-tape\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s390x\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s3c2410\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sb1-bcm91250a\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sb1a-bcm91480b\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sparc32\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sparc64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sparc64-smp\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-686\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-alpha\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-amd64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-k7\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-powerpc\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-powerpc64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-s390x\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-sparc64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-manual-2.6.18\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-patch-debian-2.6.18\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-source-2.6.18\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-support-2.6.18-6\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-tree-2.6.18\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"user-mode-linux\", reference:\"2.6.18-1um-2etch.23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-23etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:47:00", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-3528 Eugene Teo reported a local DoS issue in the ext2 and ext3 filesystems. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that causes the kernel to output error messages in an infinite loop.\n\n - CVE-2008-4554 Milos Szeredi reported that the usage of splice() on files opened with O_APPEND allows users to write to the file at arbitrary offsets, enabling a bypass of possible assumed semantics of the O_APPEND flag.\n\n - CVE-2008-4576 Vlad Yasevich reported an issue in the SCTP subsystem that may allow remote users to cause a local DoS by triggering a kernel oops.\n\n - CVE-2008-4618 Wei Yongjun reported an issue in the SCTP subsystem that may allow remote users to cause a local DoS by triggering a kernel panic.\n\n - CVE-2008-4933 Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that causes the kernel to overrun a buffer, resulting in a system oops or memory corruption.\n\n - CVE-2008-4934 Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that results in a kernel oops due to an unchecked return value.\n\n - CVE-2008-5025 Eric Sesterhenn reported a local DoS issue in the hfs filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a filesystem with a corrupted catalog name length, resulting in a system oops or memory corruption.\n\n - CVE-2008-5029 Andrea Bittau reported a DoS issue in the unix socket subsystem that allows a local user to cause memory corruption, resulting in a kernel panic.\n\n - CVE-2008-5134 Johannes Berg reported a remote DoS issue in the libertas wireless driver, which can be triggered by a specially crafted beacon/probe response.\n\n - CVE-2008-5182 Al Viro reported race conditions in the inotify subsystem that may allow local users to acquire elevated privileges.\n\n - CVE-2008-5300 Dann Frazier reported a DoS condition that allows local users to cause the out of memory handler to kill off privileged processes or trigger soft lockups due to a starvation issue in the unix socket subsystem.", "cvss3": {}, "published": "2008-12-05T00:00:00", "type": "nessus", "title": "Debian DSA-1681-1 : linux-2.6.24 - denial of service/privilege escalation", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3528", "CVE-2008-4554", "CVE-2008-4576", "CVE-2008-4618", "CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5029", "CVE-2008-5134", "CVE-2008-5182", "CVE-2008-5300"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6.24", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1681.NASL", "href": "https://www.tenable.com/plugins/nessus/35036", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1681. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35036);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-3528\", \"CVE-2008-4554\", \"CVE-2008-4576\", \"CVE-2008-4618\", \"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5134\", \"CVE-2008-5182\", \"CVE-2008-5300\");\n script_bugtraq_id(31634, 31903, 32093, 32154, 32289);\n script_xref(name:\"DSA\", value:\"1681\");\n\n script_name(english:\"Debian DSA-1681-1 : linux-2.6.24 - denial of service/privilege escalation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-3528\n Eugene Teo reported a local DoS issue in the ext2 and\n ext3 filesystems. Local users who have been granted the\n privileges necessary to mount a filesystem would be able\n to craft a corrupted filesystem that causes the kernel\n to output error messages in an infinite loop.\n\n - CVE-2008-4554\n Milos Szeredi reported that the usage of splice() on\n files opened with O_APPEND allows users to write to the\n file at arbitrary offsets, enabling a bypass of possible\n assumed semantics of the O_APPEND flag.\n\n - CVE-2008-4576\n Vlad Yasevich reported an issue in the SCTP subsystem\n that may allow remote users to cause a local DoS by\n triggering a kernel oops.\n\n - CVE-2008-4618\n Wei Yongjun reported an issue in the SCTP subsystem that\n may allow remote users to cause a local DoS by\n triggering a kernel panic.\n\n - CVE-2008-4933\n Eric Sesterhenn reported a local DoS issue in the\n hfsplus filesystem. Local users who have been granted\n the privileges necessary to mount a filesystem would be\n able to craft a corrupted filesystem that causes the\n kernel to overrun a buffer, resulting in a system oops\n or memory corruption.\n\n - CVE-2008-4934\n Eric Sesterhenn reported a local DoS issue in the\n hfsplus filesystem. Local users who have been granted\n the privileges necessary to mount a filesystem would be\n able to craft a corrupted filesystem that results in a\n kernel oops due to an unchecked return value.\n\n - CVE-2008-5025\n Eric Sesterhenn reported a local DoS issue in the hfs\n filesystem. Local users who have been granted the\n privileges necessary to mount a filesystem would be able\n to craft a filesystem with a corrupted catalog name\n length, resulting in a system oops or memory corruption.\n\n - CVE-2008-5029\n Andrea Bittau reported a DoS issue in the unix socket\n subsystem that allows a local user to cause memory\n corruption, resulting in a kernel panic.\n\n - CVE-2008-5134\n Johannes Berg reported a remote DoS issue in the\n libertas wireless driver, which can be triggered by a\n specially crafted beacon/probe response.\n\n - CVE-2008-5182\n Al Viro reported race conditions in the inotify\n subsystem that may allow local users to acquire elevated\n privileges.\n\n - CVE-2008-5300\n Dann Frazier reported a DoS condition that allows local\n users to cause the out of memory handler to kill off\n privileged processes or trigger soft lockups due to a\n starvation issue in the unix socket subsystem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1681\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6.24 packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 264, 287, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"linux-doc-2.6.24\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-486\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-4kc-malta\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-5kc-malta\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-686\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-686-bigmem\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-alpha\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-amd64\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-arm\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-hppa\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-i386\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-ia64\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-mips\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-mipsel\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-powerpc\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-s390\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-sparc\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-alpha-generic\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-alpha-legacy\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-alpha-smp\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-amd64\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-common\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-footbridge\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-iop32x\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-itanium\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-ixp4xx\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-mckinley\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc-smp\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc64\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc64-smp\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc-miboot\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc-smp\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc64\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-r4k-ip22\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-r5k-ip32\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-s390\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-s390x\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sparc64\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sparc64-smp\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-486\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-4kc-malta\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-5kc-malta\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-686\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-686-bigmem\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-alpha-generic\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-alpha-legacy\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-alpha-smp\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-amd64\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-footbridge\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-iop32x\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-itanium\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-ixp4xx\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-mckinley\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc-smp\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc64\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc64-smp\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc-miboot\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc-smp\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc64\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-r4k-ip22\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-r5k-cobalt\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-r5k-ip32\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-s390\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-s390-tape\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-s390x\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sparc64\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sparc64-smp\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-manual-2.6.24\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-patch-debian-2.6.24\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-source-2.6.24\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-support-2.6.24-etchnhalf.1\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-tree-2.6.24\", reference:\"2.6.24-6~etchnhalf.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:25:53", "description": "From Red Hat Security Advisory 2009:1550 :\n\nUpdated kernel packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* when fput() was called to close a socket, the __scm_destroy() function in the Linux kernel could make indirect recursive calls to itself. This could, potentially, lead to a denial of service issue.\n(CVE-2008-5029, Important)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service. (CVE-2008-5300, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the exit signal if a process executed a set user ID (setuid) application before exiting. This could allow a local, unprivileged user to elevate their privileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially crafted packet that would cause a denial of service or code execution. (CVE-2009-1385, Important)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature.\n(CVE-2009-1895, Important)\n\n* it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)\n\n* missing initialization flaws were found in getname() implementations in the IrDA sockets, AppleTalk DDP protocol, NET/ROM protocol, and ROSE protocol implementations in the Linux kernel. Certain data structures in these getname() implementations were not initialized properly before being copied to user-space. These flaws could lead to an information leak. (CVE-2009-3002, Important)\n\n* a NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation. (CVE-2009-3547, Important)\n\nBug fixes :\n\n* this update adds the mmap_min_addr tunable and restriction checks to help prevent unprivileged users from creating new memory mappings below the minimum address. This can help prevent the exploitation of NULL pointer dereference bugs. Note that mmap_min_addr is set to zero (disabled) by default for backwards compatibility. (BZ#512642)\n\n* a bridge reference count problem in IPv6 has been fixed. (BZ#457010)\n\n* enforce null-termination of user-supplied arguments to setsockopt().\n(BZ#505514)\n\n* the gcc flag '-fno-delete-null-pointer-checks' was added to the kernel build options. This prevents gcc from optimizing out NULL pointer checks after the first use of a pointer. NULL pointer bugs are often exploited by attackers. Keeping these checks is a safety measure. (BZ#511185)\n\n* a check has been added to the IPv4 code to make sure that rt is not NULL, to help prevent future bugs in functions that call ip_append_data() from being exploitable. (BZ#520300)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 : kernel (ELSA-2009-1550)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5029", "CVE-2008-5300", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1895", "CVE-2009-2691", "CVE-2009-2695", "CVE-2009-2848", "CVE-2009-2849", "CVE-2009-2910", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-boot", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-hugemem", "p-cpe:/a:oracle:linux:kernel-hugemem-unsupported", "p-cpe:/a:oracle:linux:kernel-smp", "p-cpe:/a:oracle:linux:kernel-smp-unsupported", "p-cpe:/a:oracle:linux:kernel-source", "p-cpe:/a:oracle:linux:kernel-unsupported", "cpe:/o:oracle:linux:3"], "id": "ORACLELINUX_ELSA-2009-1550.NASL", "href": "https://www.tenable.com/plugins/nessus/67955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1550 and \n# Oracle Linux Security Advisory ELSA-2009-1550 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67955);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1895\", \"CVE-2009-2691\", \"CVE-2009-2695\", \"CVE-2009-2848\", \"CVE-2009-2849\", \"CVE-2009-2910\", \"CVE-2009-3002\", \"CVE-2009-3228\", \"CVE-2009-3547\", \"CVE-2009-3612\", \"CVE-2009-3613\", \"CVE-2009-3620\", \"CVE-2009-3621\");\n script_bugtraq_id(32154, 34405, 35185, 35647, 35930, 36176, 36901);\n script_xref(name:\"RHSA\", value:\"2009:1550\");\n\n script_name(english:\"Oracle Linux 3 : kernel (ELSA-2009-1550)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1550 :\n\nUpdated kernel packages that fix several security issues and multiple\nbugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* when fput() was called to close a socket, the __scm_destroy()\nfunction in the Linux kernel could make indirect recursive calls to\nitself. This could, potentially, lead to a denial of service issue.\n(CVE-2008-5029, Important)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local\ndenial of service. (CVE-2008-5300, Important)\n\n* the exit_notify() function in the Linux kernel did not properly\nreset the exit signal if a process executed a set user ID (setuid)\napplication before exiting. This could allow a local, unprivileged\nuser to elevate their privileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux\nkernel. Frames with sizes near the MTU of an interface may be split\nacross multiple hardware receive descriptors. Receipt of such a frame\ncould leak through a validation check, leading to a corruption of the\nlength check. A remote attacker could use this flaw to send a\nspecially crafted packet that would cause a denial of service or code\nexecution. (CVE-2009-1385, Important)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared\nwhen a setuid or setgid program was executed. A local, unprivileged\nuser could use this flaw to bypass the mmap_min_addr protection\nmechanism and perform a NULL pointer dereference attack, or bypass the\nAddress Space Layout Randomization (ASLR) security feature.\n(CVE-2009-1895, Important)\n\n* it was discovered that, when executing a new process, the\nclear_child_tid pointer in the Linux kernel is not cleared. If this\npointer points to a writable portion of the memory of the new program,\nthe kernel could corrupt four bytes of memory, possibly leading to a\nlocal denial of service or privilege escalation. (CVE-2009-2848,\nImportant)\n\n* missing initialization flaws were found in getname() implementations\nin the IrDA sockets, AppleTalk DDP protocol, NET/ROM protocol, and\nROSE protocol implementations in the Linux kernel. Certain data\nstructures in these getname() implementations were not initialized\nproperly before being copied to user-space. These flaws could lead to\nan information leak. (CVE-2009-3002, Important)\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(),\nand pipe_rdwr_open(). When the mutex lock is not held, the i_pipe\npointer could be released by other processes before it is used to\nupdate the pipe's reader and writer counters. This could lead to a\nlocal denial of service or privilege escalation. (CVE-2009-3547,\nImportant)\n\nBug fixes :\n\n* this update adds the mmap_min_addr tunable and restriction checks to\nhelp prevent unprivileged users from creating new memory mappings\nbelow the minimum address. This can help prevent the exploitation of\nNULL pointer dereference bugs. Note that mmap_min_addr is set to zero\n(disabled) by default for backwards compatibility. (BZ#512642)\n\n* a bridge reference count problem in IPv6 has been fixed. (BZ#457010)\n\n* enforce null-termination of user-supplied arguments to setsockopt().\n(BZ#505514)\n\n* the gcc flag '-fno-delete-null-pointer-checks' was added to the\nkernel build options. This prevents gcc from optimizing out NULL\npointer checks after the first use of a pointer. NULL pointer bugs are\noften exploited by attackers. Keeping these checks is a safety\nmeasure. (BZ#511185)\n\n* a check has been added to the IPv4 code to make sure that rt is not\nNULL, to help prevent future bugs in functions that call\nip_append_data() from being exploitable. (BZ#520300)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-November/001233.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-BOOT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1895\", \"CVE-2009-2691\", \"CVE-2009-2695\", \"CVE-2009-2848\", \"CVE-2009-2849\", \"CVE-2009-2910\", \"CVE-2009-3002\", \"CVE-2009-3228\", \"CVE-2009-3547\", \"CVE-2009-3612\", \"CVE-2009-3613\", \"CVE-2009-3620\", \"CVE-2009-3621\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2009-1550\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.4\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-2.4.21-63.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-2.4.21-63.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-BOOT-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21-63.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-doc-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-doc-2.4.21-63.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-doc-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-doc-2.4.21-63.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-hugemem-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-hugemem-2.4.21-63.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-hugemem-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-hugemem-unsupported-2.4.21-63.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-smp-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-smp-2.4.21-63.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-smp-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-smp-2.4.21-63.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-smp-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-smp-unsupported-2.4.21-63.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-smp-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-smp-unsupported-2.4.21-63.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-source-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-source-2.4.21-63.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-source-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-source-2.4.21-63.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-unsupported-2.4.21-63.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-unsupported-2.4.21-63.0.0.0.1.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:37:39", "description": "Updated kernel packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* when fput() was called to close a socket, the __scm_destroy() function in the Linux kernel could make indirect recursive calls to itself. This could, potentially, lead to a denial of service issue.\n(CVE-2008-5029, Important)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service. (CVE-2008-5300, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the exit signal if a process executed a set user ID (setuid) application before exiting. This could allow a local, unprivileged user to elevate their privileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially crafted packet that would cause a denial of service or code execution. (CVE-2009-1385, Important)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature.\n(CVE-2009-1895, Important)\n\n* it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)\n\n* missing initialization flaws were found in getname() implementations in the IrDA sockets, AppleTalk DDP protocol, NET/ROM protocol, and ROSE protocol implementations in the Linux kernel. Certain data structures in these getname() implementations were not initialized properly before being copied to user-space. These flaws could lead to an information leak. (CVE-2009-3002, Important)\n\n* a NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation. (CVE-2009-3547, Important)\n\nBug fixes :\n\n* this update adds the mmap_min_addr tunable and restriction checks to help prevent unprivileged users from creating new memory mappings below the minimum address. This can help prevent the exploitation of NULL pointer dereference bugs. Note that mmap_min_addr is set to zero (disabled) by default for backwards compatibility. (BZ#512642)\n\n* a bridge reference count problem in IPv6 has been fixed. (BZ#457010)\n\n* enforce null-termination of user-supplied arguments to setsockopt().\n(BZ#505514)\n\n* the gcc flag '-fno-delete-null-pointer-checks' was added to the kernel build options. This prevents gcc from optimizing out NULL pointer checks after the first use of a pointer. NULL pointer bugs are often exploited by attackers. Keeping these checks is a safety measure. (BZ#511185)\n\n* a check has been added to the IPv4 code to make sure that rt is not NULL, to help prevent future bugs in functions that call ip_append_data() from being exploitable. (BZ#520300)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-06-29T00:00:00", "type": "nessus", "title": "CentOS 3 : kernel (CESA-2009:1550)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5029", "CVE-2008-5300", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1895", "CVE-2009-2691", "CVE-2009-2695", "CVE-2009-2848", "CVE-2009-2849", "CVE-2009-2910", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-boot", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-hugemem", "p-cpe:/a:centos:centos:kernel-hugemem-unsupported", "p-cpe:/a:centos:centos:kernel-smp", "p-cpe:/a:centos:centos:kernel-smp-unsupported", "p-cpe:/a:centos:centos:kernel-source", "p-cpe:/a:centos:centos:kernel-unsupported", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2009-1550.NASL", "href": "https://www.tenable.com/plugins/nessus/67070", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1550 and \n# CentOS Errata and Security Advisory 2009:1550 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67070);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1895\", \"CVE-2009-2691\", \"CVE-2009-2695\", \"CVE-2009-2848\", \"CVE-2009-2849\", \"CVE-2009-2910\", \"CVE-2009-3002\", \"CVE-2009-3228\", \"CVE-2009-3547\", \"CVE-2009-3612\", \"CVE-2009-3613\", \"CVE-2009-3620\", \"CVE-2009-3621\");\n script_bugtraq_id(32154, 34405, 35185, 35647, 35930, 36176, 36901);\n script_xref(name:\"RHSA\", value:\"2009:1550\");\n\n script_name(english:\"CentOS 3 : kernel (CESA-2009:1550)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and multiple\nbugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* when fput() was called to close a socket, the __scm_destroy()\nfunction in the Linux kernel could make indirect recursive calls to\nitself. This could, potentially, lead to a denial of service issue.\n(CVE-2008-5029, Important)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local\ndenial of service. (CVE-2008-5300, Important)\n\n* the exit_notify() function in the Linux kernel did not properly\nreset the exit signal if a process executed a set user ID (setuid)\napplication before exiting. This could allow a local, unprivileged\nuser to elevate their privileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux\nkernel. Frames with sizes near the MTU of an interface may be split\nacross multiple hardware receive descriptors. Receipt of such a frame\ncould leak through a validation check, leading to a corruption of the\nlength check. A remote attacker could use this flaw to send a\nspecially crafted packet that would cause a denial of service or code\nexecution. (CVE-2009-1385, Important)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared\nwhen a setuid or setgid program was executed. A local, unprivileged\nuser could use this flaw to bypass the mmap_min_addr protection\nmechanism and perform a NULL pointer dereference attack, or bypass the\nAddress Space Layout Randomization (ASLR) security feature.\n(CVE-2009-1895, Important)\n\n* it was discovered that, when executing a new process, the\nclear_child_tid pointer in the Linux kernel is not cleared. If this\npointer points to a writable portion of the memory of the new program,\nthe kernel could corrupt four bytes of memory, possibly leading to a\nlocal denial of service or privilege escalation. (CVE-2009-2848,\nImportant)\n\n* missing initialization flaws were found in getname() implementations\nin the IrDA sockets, AppleTalk DDP protocol, NET/ROM protocol, and\nROSE protocol implementations in the Linux kernel. Certain data\nstructures in these getname() implementations were not initialized\nproperly before being copied to user-space. These flaws could lead to\nan information leak. (CVE-2009-3002, Important)\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(),\nand pipe_rdwr_open(). When the mutex lock is not held, the i_pipe\npointer could be released by other processes before it is used to\nupdate the pipe's reader and writer counters. This could lead to a\nlocal denial of service or privilege escalation. (CVE-2009-3547,\nImportant)\n\nBug fixes :\n\n* this update adds the mmap_min_addr tunable and restriction checks to\nhelp prevent unprivileged users from creating new memory mappings\nbelow the minimum address. This can help prevent the exploitation of\nNULL pointer dereference bugs. Note that mmap_min_addr is set to zero\n(disabled) by default for backwards compatibility. (BZ#512642)\n\n* a bridge reference count problem in IPv6 has been fixed. (BZ#457010)\n\n* enforce null-termination of user-supplied arguments to setsockopt().\n(BZ#505514)\n\n* the gcc flag '-fno-delete-null-pointer-checks' was added to the\nkernel build options. This prevents gcc from optimizing out NULL\npointer checks after the first use of a pointer. NULL pointer bugs are\noften exploited by attackers. Keeping these checks is a safety\nmeasure. (BZ#511185)\n\n* a check has been added to the IPv4 code to make sure that rt is not\nNULL, to help prevent future bugs in functions that call\nip_append_data() from being exploitable. (BZ#520300)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-November/016300.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0434178f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-November/016301.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7607f232\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-BOOT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"kernel-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-doc-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"kernel-doc-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-hugemem-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-hugemem-unsupported-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-smp-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"kernel-smp-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-smp-unsupported-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"kernel-smp-unsupported-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-source-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"kernel-source-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-unsupported-2.4.21-63.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"kernel-unsupported-2.4.21-63.EL\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:37", "description": "Updated kernel packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* when fput() was called to close a socket, the __scm_destroy() function in the Linux kernel could make indirect recursive calls to itself. This could, potentially, lead to a denial of service issue.\n(CVE-2008-5029, Important)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service. (CVE-2008-5300, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the exit signal if a process executed a set user ID (setuid) application before exiting. This could allow a local, unprivileged user to elevate their privileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially crafted packet that would cause a denial of service or code execution. (CVE-2009-1385, Important)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature.\n(CVE-2009-1895, Important)\n\n* it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)\n\n* missing initialization flaws were found in getname() implementations in the IrDA sockets, AppleTalk DDP protocol, NET/ROM protocol, and ROSE protocol implementations in the Linux kernel. Certain data structures in these getname() implementations were not initialized properly before being copied to user-space. These flaws could lead to an information leak. (CVE-2009-3002, Important)\n\n* a NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation. (CVE-2009-3547, Important)\n\nBug fixes :\n\n* this update adds the mmap_min_addr tunable and restriction checks to help prevent unprivileged users from creating new memory mappings below the minimum address. This can help prevent the exploitation of NULL pointer dereference bugs. Note that mmap_min_addr is set to zero (disabled) by default for backwards compatibility. (BZ#512642)\n\n* a bridge reference count problem in IPv6 has been fixed. (BZ#457010)\n\n* enforce null-termination of user-supplied arguments to setsockopt().\n(BZ#505514)\n\n* the gcc flag '-fno-delete-null-pointer-checks' was added to the kernel build options. This prevents gcc from optimizing out NULL pointer checks after the first use of a pointer. NULL pointer bugs are often exploited by attackers. Keeping these checks is a safety measure. (BZ#511185)\n\n* a check has been added to the IPv4 code to make sure that rt is not NULL, to help prevent future bugs in functions that call ip_append_data() from being exploitable. (BZ#520300)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2009-11-04T00:00:00", "type": "nessus", "title": "RHEL 3 : kernel (RHSA-2009:1550)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5029", "CVE-2008-5300", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1895", "CVE-2009-2691", "CVE-2009-2695", "CVE-2009-2848", "CVE-2009-2849", "CVE-2009-2910", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-unsupported", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-boot", "cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported", "p-cpe:/a:redhat:enterprise_linux:kernel-smp", "p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported", "p-cpe:/a:redhat:enterprise_linux:kernel-source"], "id": "REDHAT-RHSA-2009-1550.NASL", "href": "https://www.tenable.com/plugins/nessus/42360", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1550. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42360);\n script_version(\"1.47\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1895\", \"CVE-2009-2691\", \"CVE-2009-2695\", \"CVE-2009-2848\", \"CVE-2009-2849\", \"CVE-2009-2910\", \"CVE-2009-3002\", \"CVE-2009-3228\", \"CVE-2009-3547\", \"CVE-2009-3612\", \"CVE-2009-3613\", \"CVE-2009-3620\", \"CVE-2009-3621\");\n script_bugtraq_id(32154, 34405, 35185, 35647, 35930, 36176, 36901);\n script_xref(name:\"RHSA\", value:\"2009:1550\");\n\n script_name(english:\"RHEL 3 : kernel (RHSA-2009:1550)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and multiple\nbugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* when fput() was called to close a socket, the __scm_destroy()\nfunction in the Linux kernel could make indirect recursive calls to\nitself. This could, potentially, lead to a denial of service issue.\n(CVE-2008-5029, Important)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local\ndenial of service. (CVE-2008-5300, Important)\n\n* the exit_notify() function in the Linux kernel did not properly\nreset the exit signal if a process executed a set user ID (setuid)\napplication before exiting. This could allow a local, unprivileged\nuser to elevate their privileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux\nkernel. Frames with sizes near the MTU of an interface may be split\nacross multiple hardware receive descriptors. Receipt of such a frame\ncould leak through a validation check, leading to a corruption of the\nlength check. A remote attacker could use this flaw to send a\nspecially crafted packet that would cause a denial of service or code\nexecution. (CVE-2009-1385, Important)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared\nwhen a setuid or setgid program was executed. A local, unprivileged\nuser could use this flaw to bypass the mmap_min_addr protection\nmechanism and perform a NULL pointer dereference attack, or bypass the\nAddress Space Layout Randomization (ASLR) security feature.\n(CVE-2009-1895, Important)\n\n* it was discovered that, when executing a new process, the\nclear_child_tid pointer in the Linux kernel is not cleared. If this\npointer points to a writable portion of the memory of the new program,\nthe kernel could corrupt four bytes of memory, possibly leading to a\nlocal denial of service or privilege escalation. (CVE-2009-2848,\nImportant)\n\n* missing initialization flaws were found in getname() implementations\nin the IrDA sockets, AppleTalk DDP protocol, NET/ROM protocol, and\nROSE protocol implementations in the Linux kernel. Certain data\nstructures in these getname() implementations were not initialized\nproperly before being copied to user-space. These flaws could lead to\nan information leak. (CVE-2009-3002, Important)\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(),\nand pipe_rdwr_open(). When the mutex lock is not held, the i_pipe\npointer could be released by other processes before it is used to\nupdate the pipe's reader and writer counters. This could lead to a\nlocal denial of service or privilege escalation. (CVE-2009-3547,\nImportant)\n\nBug fixes :\n\n* this update adds the mmap_min_addr tunable and restriction checks to\nhelp prevent unprivileged users from creating new memory mappings\nbelow the minimum address. This can help prevent the exploitation of\nNULL pointer dereference bugs. Note that mmap_min_addr is set to zero\n(disabled) by default for backwards compatibility. (BZ#512642)\n\n* a bridge reference count problem in IPv6 has been fixed. (BZ#457010)\n\n* enforce null-termination of user-supplied arguments to setsockopt().\n(BZ#505514)\n\n* the gcc flag '-fno-delete-null-pointer-checks' was added to the\nkernel build options. This prevents gcc from optimizing out NULL\npointer checks after the first use of a pointer. NULL pointer bugs are\noften exploited by attackers. Keeping these checks is a safety\nmeasure. (BZ#511185)\n\n* a check has been added to the IPv4 code to make sure that rt is not\nNULL, to help prevent future bugs in functions that call\nip_append_data() from being exploitable. (BZ#520300)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3547\"\n );\n # http://kbase.redhat.com/faq/docs/DOC-17866\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/17845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1550\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2008-5029\", \"CVE-2008-5300\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1895\", \"CVE-2009-2691\", \"CVE-2009-2695\", \"CVE-2009-2848\", \"CVE-2009-2849\", \"CVE-2009-2910\", \"CVE-2009-3002\", \"CVE-2009-3228\", \"CVE-2009-3547\", \"CVE-2009-3612\", \"CVE-2009-3613\", \"CVE-2009-3620\", \"CVE-2009-3621\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2009:1550\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1550\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-2.4.21-63.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21-63.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-doc-2.4.21-63.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-hugemem-2.4.21-63.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-hugemem-unsupported-2.4.21-63.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-smp-2.4.21-63.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"x86_64\", reference:\"kernel-smp-2.4.21-63.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-smp-unsupported-2.4.21-63.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"x86_64\", reference:\"kernel-smp-unsupported-2.4.21-63.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-source-2.4.21-63.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-unsupported-2.4.21-63.EL\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "cvss3": {}, "published": "2008-12-24T18:45:37", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: kernel-2.6.27.9-159.fc10", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5300"], "modified": "2008-12-24T18:45:37", "id": "FEDORA:BB6D9208DB1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OI7T7KMVDIG33LRQQSHRYSTWB5A7ZXA3/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "cvss3": {}, "published": "2008-12-24T18:47:55", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: kernel-2.6.27.9-73.fc9", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2750", "CVE-2008-3525", "CVE-2008-3528", "CVE-2008-3831", "CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5300"], "modified": "2008-12-24T18:47:55", "id": "FEDORA:2A46A208DA7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VRKDRJMRZ5LTTZBC4B7YXSINZKNRX4NW/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:44:33", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update includes backported fixes for four security issues. These\nissues only affected users of Red Hat Enterprise Linux 5.2 Extended Update\nSupport as they have already been addressed for users of Red Hat Enterprise\nLinux 5 in the 5.3 update, RHSA-2009:0225.\n\nIn accordance with the support policy, future security updates to Red Hat\nEnterprise Linux 5.2 Extended Update Support will only include issues of\ncritical security impact.\n\n* when fput() was called to close a socket, the __scm_destroy() function\nin the Linux kernel could make indirect recursive calls to itself. This\ncould, potentially, lead to a denial of service issue. (CVE-2008-5029,\nImportant)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A\nlocal, unprivileged user could use the flaw to listen on the same socket\nmore than once, possibly causing a denial of service. (CVE-2008-5079,\nImportant)\n\n* a race condition was found in the Linux kernel \"inotify\" watch removal\nand umount implementation. This could allow a local, unprivileged user\nto cause a privilege escalation or a denial of service. (CVE-2008-5182,\nImportant)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. Note: for this update to take effect, the\nsystem must be rebooted.", "cvss3": {}, "published": "2009-02-24T00:00:00", "type": "redhat", "title": "(RHSA-2009:0021) Important: kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5029", "CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5300"], "modified": "2017-07-28T15:03:53", "id": "RHSA-2009:0021", "href": "https://access.redhat.com/errata/RHSA-2009:0021", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:43:26", "description": "The Linux kernel (the core of the Linux operating system)\n\nThese updated packages contain 730 bug fixes and enhancements for the Linux\nkernel. Space precludes a detailed description of each of these changes in\nthis advisory and users are therefore directed to the release notes for Red\nHat Enterprise Linux 5.3 for information on 97 of the most significant of\nthese changes. \n\nDetails of three security-related bug fixes are set out below, along with\nnotes on other broad categories of change not covered in the release notes.\nFor more detailed information on specific bug fixes or enhancements, please\nconsult the Bugzilla numbers listed in this advisory.\n\n* when fput() was called to close a socket, the __scm_destroy() function \nin the Linux kernel could make indirect recursive calls to itself. This \ncould, potentially, lead to a denial of service issue. (CVE-2008-5029, \nImportant)\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A\nlocal, unprivileged user could use the flaw to listen on the same socket\nmore than once, possibly causing a denial of service. (CVE-2008-5079,\nImportant)\n\n* a race condition was found in the Linux kernel \"inotify\" watch removal\nand umount implementation. This could allow a local, unprivileged user \nto cause a privilege escalation or a denial of service. (CVE-2008-5182, \nImportant)\n\n* Bug fixes and enhancements are provided for:\n\n* support for specific NICs, including products from the following\nmanufacturers:\nBroadcom\nChelsio\nCisco\nIntel\nMarvell\nNetXen\nRealtek\nSun\n\n* Fiber Channel support, including support for Qlogic qla2xxx,\nqla4xxx, and qla84xx HBAs and the FCoE, FCP, and zFCP protocols.\n\n* support for various CPUs, including:\nAMD Opteron processors with 45 nm SOI (\"Shanghai\")\nAMD Turion Ultra processors\nCell processors\nIntel Core i7 processors\n\n* Xen support, including issues specific to the IA64 platform, systems\nusing AMD processors, and Dell Optiplex GX280 systems\n\n* ext3, ext4, GFS2, NFS, and SPUFS\n\n* Infiniband (including eHCA, eHEA, and IPoIB) support\n\n* common I/O (CIO), direct I/O (DIO), and queued direct I/O (qdio) support\n\n* the kernel distributed lock manager (DLM)\n\n* hardware issues with: SCSI, IEEE 1394 (FireWire), RAID (including issues\nspecific to Adaptec controllers), SATA (including NCQ), PCI, audio, serial\nconnections, tape-drives, and USB\n\n* ACPI, some of a general nature and some related to specific hardware\nincluding: certain Lenovo Thinkpad notebooks, HP DC7700 systems, and\ncertain machines based on Intel Centrino processor technology.\n\n* CIFS, including Kerberos support and a tech-preview of DFS support\n\n* networking support, including IPv6, PPPoE, and IPSec\n\n* support for Intel chipsets, including:\nIntel Cantiga chipsets\nIntel Eagle Lake chipsets\nIntel i915 chipsets\nIntel i965 chipsets\nIntel Ibex Peak chipsets\nIntel chipsets offering QuickPath Interconnects (QPI)\n\n* device mapping issues, including some in device mapper itself\n\n* various issues specific to IA64 and PPC\n\n* CCISS, including support for Compaq SMART Array controllers P711m and\nP712m and other new hardware\n\n* various issues affecting specific HP systems, including:\nDL785G5\nXW4800\nXW8600\nXW8600\nXW9400\n\n* IOMMU support, including specific\nissues with AMD and IBM Calgary hardware\n\n* the audit subsystem\n\n* DASD support\n\n* iSCSI support, including issues specific to Chelsio T3 adapters\n\n* LVM issues\n\n* SCTP management information base (MIB) support\n\n* issues with: autofs, kdump, kobject_add, libata, lpar, ptrace, and utrace\n\n* IBM Power platforms using Enhanced I/O Error Handling (EEH)\n\n* EDAC issues for AMD K8 and Intel i5000\n\n* ALSA, including support for new hardware\n\n* futex support\n\n* hugepage support\n\n* Intelligent Platform Management Interface (IPMI) support\n\n* issues affecting NEC/Stratus servers\n\n* OFED support\n\n* SELinux \n\n* various Virtio issues\n\nAll users are advised to upgrade to these updated packages, which resolve\nthese issues and add these enhancements.", "cvss3": {}, "published": "2009-01-20T00:00:00", "type": "redhat", "title": "(RHSA-2009:0225) Important: Red Hat Enterprise Linux 5.3 kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5029", "CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5300"], "modified": "2017-09-08T08:13:40", "id": "RHSA-2009:0225", "href": "https://access.redhat.com/errata/RHSA-2009:0225", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:38:10", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages address the following security issues:\n\n* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A\nlocal, unprivileged user could use the flaw to listen on the same socket\nmore than once, possibly causing a denial of service. (CVE-2008-5079,\nImportant)\n\n* a buffer overflow flaw was found in the libertas driver. This could,\npotentially, lead to a remote denial of service when an invalid beacon or\nprobe response was received. (CVE-2008-5134, Important)\n\n* a race condition was found in the Linux kernel \"inotify\" watch removal\nand umount implementation. This could allow a local, unprivileged user \nto cause a privilege escalation or a denial of service. (CVE-2008-5182, \nImportant)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* a buffer overflow was found in the Linux kernel Partial Reliable Stream\nControl Transmission Protocol (PR-SCTP) implementation. This could,\npotentially, lead to a denial of service if a Forward-TSN chunk is received\nwith a large stream ID. (CVE-2009-0065, Important)\n\n* a deficiency was found in the libATA implementation. This could,\npotentially, lead to a denial of service. By default, the \"/dev/sg*\"\ndevices are accessible only to the root user. (CVE-2008-5700, Low)\n\nThese updated packages also address numerous bugs, including the following:\n\n* a race condition caused the timer to stop responding. This was fixed by\ncorrecting the behavior of the alloc_posix_timer() function. \n\n* the kernel was behaving differently for varying file capabilities. This\nwas resolved by ensuring the get_file_caps() function was preceded by\nclearing bprm->caps_*.\n\n* a check was included on the limit of the shadow.bytes array, to prevent\nvalue outside the limits being written and over riding other data areas.\n\n* the kernel-rt-2.6.24.7-81.el5rt kernel displayed a warning on boot\nstating that the hwclock failed. This was due to a compatibility problem\nwith the Red Hat Enterprise Linux 5 file system. It was resolved by adding\na new udev rule that ensured /dev was set up correctly.\n\n* the GPS clock daemon was becoming unstable due to a problem in adjtimex.\nThe issue was located and corrected.\n\n* the events_trace tracer was providing bad parameters to syscalls on i386\nmachines. This was due to the sys_call interface needing to use the\nassembly linked annotation and the edx register being used before it was\nstored on the stack. Both these issues were corrected.\n\nAll Red Hat Enterprise MRG users should install this update which addresses\nthese vulnerabilities and fixes these bugs. For this update to take effect,\nthe system must be rebooted.", "cvss3": {}, "published": "2009-02-04T00:00:00", "type": "redhat", "title": "(RHSA-2009:0053) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5079", "CVE-2008-5134", "CVE-2008-5182", "CVE-2008-5300", "CVE-2008-5700", "CVE-2009-0065"], "modified": "2019-03-22T19:44:34", "id": "RHSA-2009:0053", "href": "https://access.redhat.com/errata/RHSA-2009:0053", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:42:43", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues:\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* when fput() was called to close a socket, the __scm_destroy() function in\nthe Linux kernel could make indirect recursive calls to itself. This could,\npotentially, lead to a local denial of service. (CVE-2008-5029, Important)\n\n* a deficiency was found in the Linux kernel virtual file system (VFS)\nimplementation. This could allow a local, unprivileged user to make a\nseries of file creations within deleted directories, possibly causing a\ndenial of service. (CVE-2008-3275, Moderate)\n\n* a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog\ntimer driver. This deficiency could lead to a possible information leak. By\ndefault, the \"/dev/watchdog\" device is accessible only to the root user.\n(CVE-2008-5702, Low)\n\n* the hfs and hfsplus file systems code failed to properly handle corrupted\ndata structures. This could, potentially, lead to a local denial of\nservice. (CVE-2008-4933, CVE-2008-5025, Low)\n\n* a flaw was found in the hfsplus file system implementation. This could,\npotentially, lead to a local denial of service when write operations were\nperformed. (CVE-2008-4934, Low)\n\nThis update also fixes the following bugs:\n\n* when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running\nIntel\u00ae CPUs, the cpuspeed daemon did not run, preventing the CPU speed from\nbeing changed, such as not being reduced to an idle state when not in use.\n\n* mmap() could be used to gain access to beyond the first megabyte of RAM,\ndue to insufficient checks in the Linux kernel code. Checks have been added\nto prevent this.\n\n* attempting to turn keyboard LEDs on and off rapidly on keyboards with\nslow keyboard controllers, may have caused key presses to fail.\n\n* after migrating a hypervisor guest, the MAC address table was not\nupdated, causing packet loss and preventing network connections to the\nguest. Now, a gratuitous ARP request is sent after migration. This\nrefreshes the ARP caches, minimizing network downtime.\n\n* writing crash dumps with diskdump may have caused a kernel panic on\nNon-Uniform Memory Access (NUMA) systems with certain memory\nconfigurations.\n\n* on big-endian systems, such as PowerPC, the getsockopt() function\nincorrectly returned 0 depending on the parameters passed to it when the\ntime to live (TTL) value equaled 255, possibly causing memory corruption\nand application crashes.\n\n* a problem in the kernel packages provided by the RHSA-2008:0508 advisory\ncaused the Linux kernel's built-in memory copy procedure to return the\nwrong error code after recovering from a page fault on AMD64 and Intel 64\nsystems. This may have caused other Linux kernel functions to return wrong\nerror codes.\n\n* a divide-by-zero bug in the Linux kernel process scheduler, which may\nhave caused kernel panics on certain systems, has been resolved.\n\n* the netconsole kernel module caused the Linux kernel to hang when slave\ninterfaces of bonded network interfaces were started, resulting in a system\nhang or kernel panic when restarting the network.\n\n* the \"/proc/xen/\" directory existed even if systems were not running Red\nHat Virtualization. This may have caused problems for third-party software\nthat checks virtualization-ability based on the existence of \"/proc/xen/\".\nNote: this update will remove the \"/proc/xen/\" directory on systems not\nrunning Red Hat Virtualization.\n\nAll Red Hat Enterprise Linux 4 users should upgrade to these updated\npackages, which contain backported patches to resolve these issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2009-01-14T00:00:00", "type": "redhat", "title": "(RHSA-2009:0014) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3275", "CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5029", "CVE-2008-5300", "CVE-2008-5702"], "modified": "2017-09-08T08:18:05", "id": "RHSA-2009:0014", "href": "https://access.redhat.com/errata/RHSA-2009:0014", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-21T04:42:31", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* when fput() was called to close a socket, the __scm_destroy() function in\nthe Linux kernel could make indirect recursive calls to itself. This could,\npotentially, lead to a denial of service issue. (CVE-2008-5029, Important)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux\nkernel. Frames with sizes near the MTU of an interface may be split across\nmultiple hardware receive descriptors. Receipt of such a frame could leak\nthrough a validation check, leading to a corruption of the length check. A\nremote attacker could use this flaw to send a specially-crafted packet that\nwould cause a denial of service or code execution. (CVE-2009-1385,\nImportant)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a\nsetuid or setgid program was executed. A local, unprivileged user could use\nthis flaw to bypass the mmap_min_addr protection mechanism and perform a\nNULL pointer dereference attack, or bypass the Address Space Layout\nRandomization (ASLR) security feature. (CVE-2009-1895, Important)\n\n* it was discovered that, when executing a new process, the clear_child_tid\npointer in the Linux kernel is not cleared. If this pointer points to a\nwritable portion of the memory of the new program, the kernel could corrupt\nfour bytes of memory, possibly leading to a local denial of service or\nprivilege escalation. (CVE-2009-2848, Important)\n\n* missing initialization flaws were found in getname() implementations in\nthe IrDA sockets, AppleTalk DDP protocol, NET/ROM protocol, and ROSE\nprotocol implementations in the Linux kernel. Certain data structures in\nthese getname() implementations were not initialized properly before being\ncopied to user-space. These flaws could lead to an information leak.\n(CVE-2009-3002, Important)\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nBug fixes:\n\n* this update adds the mmap_min_addr tunable and restriction checks to help\nprevent unprivileged users from creating new memory mappings below the\nminimum address. This can help prevent the exploitation of NULL pointer\ndereference bugs. Note that mmap_min_addr is set to zero (disabled) by\ndefault for backwards compatibility. (BZ#512642)\n\n* a bridge reference count problem in IPv6 has been fixed. (BZ#457010)\n\n* enforce null-termination of user-supplied arguments to setsockopt().\n(BZ#505514)\n\n* the gcc flag \"-fno-delete-null-pointer-checks\" was added to the kernel\nbuild options. This prevents gcc from optimizing out NULL pointer checks\nafter the first use of a pointer. NULL pointer bugs are often exploited by\nattackers. Keeping these checks is a safety measure. (BZ#511185)\n\n* a check has been added to the IPv4 code to make sure that rt is not NULL,\nto help prevent future bugs in functions that call ip_append_data() from\nbeing exploitable. (BZ#520300)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2009-11-03T00:00:00", "type": "redhat", "title": "(RHSA-2009:1550) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5029", "CVE-2008-5300", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1895", "CVE-2009-2848", "CVE-2009-3002", "CVE-2009-3547"], "modified": "2018-05-26T00:26:18", "id": "RHSA-2009:1550", "href": "https://access.redhat.com/errata/RHSA-2009:1550", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:31", "description": "Double listen&#40;&#41; on the same socket causes creation of unassigned vcc table entry, which causes infinite loop in kernel on attempt to cat vc table. inotify subsystem race conditions allow privilege escalation, socket-related memory exhaustion. chip_command&#40;&#41; NULL pointer dereference. HFS file sytem mounting buffer overflow.", "cvss3": {}, "published": "2008-12-29T00:00:00", "type": "securityvulns", "title": "Linux kernel multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2008-5033", "CVE-2008-5182", "CVE-2008-5079", "CVE-2008-5025", "CVE-2008-5300"], "modified": "2008-12-29T00:00:00", "id": "SECURITYVULNS:VULN:9488", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9488", "sourceData": "", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:31", "description": "Multiple DoS conditions.", "cvss3": {}, "published": "2009-01-31T00:00:00", "type": "securityvulns", "title": "Linux kernel multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2008-5395", "CVE-2008-5700", "CVE-2008-5182", "CVE-2008-5079", "CVE-2008-5300"], "modified": "2009-01-31T00:00:00", "id": "SECURITYVULNS:VULN:9633", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9633", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2023-06-20T16:10:27", "description": "## Releases\n\n * Ubuntu 8.10 \n\n## Packages\n\n * linux \\- \n\nHugo Dias discovered that the ATM subsystem did not correctly manage \nsocket counts. A local attacker could exploit this to cause a system hang, \nleading to a denial of service. (CVE-2008-5079)\n\nIt was discovered that the inotify subsystem contained watch removal \nrace conditions. A local attacker could exploit this to crash the system, \nleading to a denial of service. (CVE-2008-5182)\n\nDann Frazier discovered that in certain situations sendmsg did not \ncorrectly release allocated memory. A local attacker could exploit \nthis to force the system to run out of free memory, leading to a denial \nof service. (CVE-2008-5300)\n\nHelge Deller discovered that PA-RISC stack unwinding was not handled \ncorrectly. A local attacker could exploit this to crash the system, \nleading do a denial of service. This did not affect official Ubuntu \nkernels, but was fixed in the source for anyone performing HPPA kernel \nbuilds. (CVE-2008-5395)\n\nIt was discovered that the ATA subsystem did not correctly set timeouts. A \nlocal attacker could exploit this to cause a system hang, leading to a \ndenial of service. (CVE-2008-5700)\n\nIt was discovered that the ib700 watchdog timer did not correctly check \nbuffer sizes. A local attacker could send a specially crafted ioctl \nto the device to cause a system crash, leading to a denial of service. \n(CVE-2008-5702)\n", "cvss3": {}, "published": "2009-01-29T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5300", "CVE-2008-5395", "CVE-2008-5700", "CVE-2008-5702"], "modified": "2009-01-29T00:00:00", "id": "USN-715-1", "href": "https://ubuntu.com/security/notices/USN-715-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-20T16:10:31", "description": "## Releases\n\n * Ubuntu 8.04 \n * Ubuntu 7.10 \n * Ubuntu 6.06 \n\n## Packages\n\n * linux \\- \n * linux-source-2.6.15 \\- \n * linux-source-2.6.22 \\- \n\nHugo Dias discovered that the ATM subsystem did not correctly manage socket \ncounts. A local attacker could exploit this to cause a system hang, leading \nto a denial of service. (CVE-2008-5079)\n\nIt was discovered that the libertas wireless driver did not correctly \nhandle beacon and probe responses. A physically near-by attacker could \ngenerate specially crafted wireless network traffic and cause a denial of \nservice. Ubuntu 6.06 was not affected. (CVE-2008-5134)\n\nIt was discovered that the inotify subsystem contained watch removal race \nconditions. A local attacker could exploit this to crash the system, \nleading to a denial of service. (CVE-2008-5182)\n\nDann Frazier discovered that in certain situations sendmsg did not \ncorrectly release allocated memory. A local attacker could exploit this to \nforce the system to run out of free memory, leading to a denial of service. \nUbuntu 6.06 was not affected. (CVE-2008-5300)\n\nIt was discovered that the ATA subsystem did not correctly set timeouts. A \nlocal attacker could exploit this to cause a system hang, leading to a \ndenial of service. (CVE-2008-5700)\n\nIt was discovered that the ib700 watchdog timer did not correctly check \nbuffer sizes. A local attacker could send a specially crafted ioctl to the \ndevice to cause a system crash, leading to a denial of service. \n(CVE-2008-5702)\n\nIt was discovered that in certain situations the network scheduler did not \ncorrectly handle very large levels of traffic. A local attacker could \nproduce a high volume of UDP traffic resulting in a system hang, leading to \na denial of service. Ubuntu 8.04 was not affected. (CVE-2008-5713)\n", "cvss3": {}, "published": "2009-01-29T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5079", "CVE-2008-5134", "CVE-2008-5182", "CVE-2008-5300", "CVE-2008-5700", "CVE-2008-5702", "CVE-2008-5713"], "modified": "2009-01-29T00:00:00", "id": "USN-714-1", "href": "https://ubuntu.com/security/notices/USN-714-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:46", "description": "[2.6.9-78.0.13.0.1.EL]\n- fix entropy flag in bnx2 driver to generate entropy pool (John Sobecki) \n [orabug 5931647]\n- fix skb alignment that was causing sendto() to fail with EFAULT (Olaf Kirch) \n [orabug 6845794]\n- fix enomem due to larger mtu size page alloc (Zach Brown) [orabug 5486128]\n- fix per_cpu() api bug_on with rds (Zach Brown) [orabug 5760648]\n- backout patch sysrq-b that queues upto keventd thread (Guru Anbalagane) \n [orabug 6125546]\n- netrx/netpoll race avoidance (Tina Yang) [orabug 6143381]\n- fix guest spinning in xen (Herbert van den Bergh) [orabug 7004010]\n- fix serial port lock recursion (Herbert van den Bergh) [orabug 6761872]\n- [XEN] Fix elf_core_dump (Tina Yang) [orabug 6995928]\n- fix in nfs_attribute_timeout() (Trond Myklebust) [orabug 7378108]\n- use lfence instead of cpuid instruction to implement memory barriers\n (Herbert van den Bergh) [orabug 7452412]\n- add netpoll support to xen netfront (Tina Yang) [orabz 7261]\n- [xen] execshield: fix endless GPF fault loop (Stephen Tweedie) [orabug 7175395]\n- port Red Hat bug 472572: HVM crash in net/core/dev.c during boot [orabug 7653948]\n The following Red Hat patches were ported from the source RPM at:\n http://people.redhat.com/vgoyal/rhel4/SRPMS.kernel/kernel-2.6.9-78.22.EL.src.rpm\n linux-2.6.9-xen-fix-netfront-mem-leak.patch\n linux-2.6.9-xen-xen-vnif-stops-working-on-reception-of-duplicat.patch\n linux-2.6.9-xen-guest-will-crash-if-rtl8139-nic-is-only-one-spe.patch\n- fix kernel null dereference in ap_suspend() during migration [orabug 7635625]\n Ported from the el5u2 xenpv-0.1-9.0.1.el5 patch\n ovs-bugz7262-fix-migration-hang-due-to-write-lock-starvation.patch.\n In el5u2, the fix is to the xenpv driver. For el4u7, the xenpv driver\n was moved into the kernel.\n- port el4u6 xenpv patch (orabug 7442030) for live migration hang \n [orabug 7458244]\n- [xen]: port el5u2 patch that allows 64-bit PVHVM guest to boot with 32-bit \n dom0 [orabug 7452107]\n- [mm] update shrink_zone patch to allow 100% swap utilization (John Sobecki, \n Chris Mason, Chuck Anderson, Dave McCracken) [orabug 7566319,6086839] \n- [nfs] update fix for attribute caching when using actimeo=0 (Chuck Lever, \n John Sobecki) [ORABUG 7131141,7156607,7388056] [RHBZ 446083,476726]\n- [kernel] backport report_lost_ticks patch from EL5.2 (John Sobecki) \n [orabug 6110605]\n[2.6.9-78.0.13]\n-net: fix unix socket panic patch missing hunk (Neil Horman) [473267 473268] {CVE-2008-5300}\n[2.6.9-78.0.12]\n-revert: fix race between poll_napi and net_rx_action (Andy Gospodarek) [475970 463815]\n[2.6.9-78.0.11]\n-net: fix unix socket panic patch regression (Neil Horman) [470433 470434 473267 473268] {CVE-2008-5029 CVE-2008-5300}\n-net: fix race between poll_napi and net_rx_action (Andy Gospodarek) [475970 463815]\n-kernel: watchdog: fix buffer_underflow bug (Eugene Teo) [475738 475739]\n-xen: fix lost packets when live migrating (Don Dutile) [469891 460874]\n-xen: remove /proc/xen from fv and bare metal kernels (Don Dutile) [476534 460984]\n[2.6.9-78.0.10]\n-fix cpuspeed not working on intel based servers (Tony Camuso) [458156 440267]\n-fix regression in cpuspeed (Prarit Bhargava) [458156 440267]\n-cpuspeed: fix transition of p-states (Tony Camuso) [458156 440267]\n-net: fix unix socket panic (Neil Horman) [470433 470434] {CVE-2008-5029}\n-hfsplus: fix buffer overflow with a corrupted image (Anton Arapov) [469635 469636] {CVE-2008-4933}\n-hfsplus: check read_mapping_page return value (Anton Arapov) [469642 469643] {CVE-2008-4934}\n-hfs: fix namelength memory corruption (Anton Arapov) [470770 470771] {CVE-2008-5025}\n-add range_is_allowed check to mmap_mem (Eugene Teo) [460862 460859]\n-fix add range_is_allowed check regression (Vitaly Mayatskikh) [460862 460859]\n[2.6.9-78.0.9]\n-atkbd: cancel delayed work before freeing its structure (Jiri Pirko) [461239 461240]\n-atkbd: delay executing of led switching request (Jiri Pirko) [461239 461240]\n-kernel: fix copy_user on x86_64 for read of < 8 bytes (Larry Woodman) [471015 453053]\n-fix diskdump failure when numa is on (Takao Indoh) [470034 457736]\n-ipv4: fix byte value boundary check in ip_getsockopt (Jiri Pirko) [470196 462741]\n-fix linux kernel local filesystem dos (Eugene Teo) [457863 457864] {CVE-2008-3275}\n-netpoll: play nicely with bonding (Andy Gospodarek) [471391 248374]\n-sched: fix isolcpus vs balance bug (Peter Zijlstra) [471222 461156]", "cvss3": {}, "published": "2009-01-15T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2008-5029", "CVE-2008-5025", "CVE-2008-5300", "CVE-2008-4933", "CVE-2008-3275", "CVE-2008-4934"], "modified": "2009-01-15T00:00:00", "id": "ELSA-2009-0014", "href": "http://linux.oracle.com/errata/ELSA-2009-0014.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:23", "description": "[2.4.21-63.0.0.0.1.EL]\n- add directio support for qla drivers (herb) [ora 6346849]\n- support PT Quad card [ora 5751043]\n- io to nfs partition hangs [ora 5088963]\n- add entropy for bnx2 nic [ora 5931647]\n- avoid large allocation-fragmentation in MTU (zab)\n- fix clear highpage (wli)\n[2.4.21-63.EL]\n- fs: fix pipe null pointer dereference (Don Howard) [530935] {CVE-2009-3547}\n[2.4.21-61.EL]\n- ipv6: use timer pending to fix bridge reference count problem (Don Howard) [457010]\n- net: fix unix socket panic (Don Howard) [470432] {CVE-2008-5029}\n- unix: fix oom with unix socket garbage collector [473266] {CVE-2008-5300}\n- exit_notify: kill the wrong capable check (Don Howard) [497266] {CVE-2009-1337}\n- e1000: fix skb_over_panic (Don Howard) [503439] {CVE-2009-1385}\n- net: ensure devname passed to SO_BINDTODEVICE is NULL-terminated (Don Howard) [505514]\n- kernel: personality handling: fix per_clear_on_setid (Don Howard) [508845] {CVE-2009-1895}\n- build with fno-delete-null-pointer-checks (Don Howard) [511185]\n- implement mmap_min_addr infrastructure (Don Howard) [512642]\n- execve: must clear current->clear_child_tid (Don Howard) [515426] {CVE-2009-2848}\n- net: Fix info leaks in getname() implementations (Don Howard) [520292] {CVE-2009-3002}\n- net: ipv4: ip_append_data handle NULL routing table (Don Howard) [520300] ", "cvss3": {}, "published": "2009-11-04T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-1385", "CVE-2008-5029", "CVE-2009-3547", "CVE-2008-5300", "CVE-2009-3002", "CVE-2009-1337", "CVE-2009-2848"], "modified": "2009-11-04T00:00:00", "id": "ELSA-2009-1550", "href": "http://linux.oracle.com/errata/ELSA-2009-1550.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:42", "description": "[2.6.18-128.el5]\n- [cifs] cifs_writepages may skip unwritten pages (Jeff Layton ) [470267]\n[2.6.18-127.el5]\n- Revert: [i386]: check for dmi_data in powernow_k8 driver (Prarit Bhargava ) [476184]\n- [xen] re-enable using xenpv in boot path for FV guests (Don Dutile ) [473899]\n- [xen] pv_hvm: guest hang on FV save/restore (Don Dutile ) [475778]\n- [openib] fix ipoib oops in unicast_arp_send (Doug Ledford ) [476005]\n- [scsi] fnic: remove link down count processing (mchristi@redhat.com ) [474935]\n- Revert: [x86] disable hpet on machine_crash_shutdown (Neil Horman ) [475652]\n- [scsi] ibmvscsi: EH fails due to insufficient resources (AMEET M. PARANJAPE ) [475618]\n- [x86_64] proc: export GART region through /proc/iomem (Neil Horman ) [475507]\n- [acpi] add xw8600 and xw6600 to GPE0 block blacklist (Prarit Bhargava ) [475418]\n- [net] cxgb3: fixup embedded firmware problems take 2 (Andy Gospodarek ) [469774]\n[2.6.18-126.el5]\n- [scsi] mpt fusion: disable msi by default (Tomas Henzl ) [474465]\n- [scsi] fcoe: update drivers (mchristi@redhat.com ) [474089]\n- [scsi] fix error handler to call scsi_decide_disposition (Tom Coughlan ) [474345]\n- [scsi] lpfc: fix cancel_retry_delay (Tom Coughlan ) [470610]\n- [x86] disable hpet on machine_crash_shutdown (Neil Horman ) [473038]\n- Revert [mm] keep pagefault from happening under pagelock (Don Zickus ) [473150]\n- [net] enic: update to version 1.0.0.648 (Andy Gospodarek ) [473871]\n- [scsi] qla4xxx: increase iscsi session check to 3-tuple (Marcus Barrow ) [474736]\n- [agp] update the names of some graphics drivers (John Villalovos ) [472438]\n- [net] atm: prevent local denial of service (Eugene Teo ) [473701] {CVE-2008-5079}\n- [scsi] remove scsi_dh_alua (mchristi@redhat.com ) [471920]\n- [scsi] qla2xx/qla84xx: occasional panic on loading (Marcus Barrow ) [472382]\n- [net] cxgb3: eeh and eeprom fixups (Andy Gospodarek ) [441959]\n- [net] cxgb3: fixup embedded firmware problems (Andy Gospodarek ) [469774]\n- [wireless] iwlwifi/mac80211: various small fixes (John W. Linville ) [468967]\n- [x86_64] fix AMD IOMMU boot issue (Joachim Deguara ) [473464]\n- [x86_64] limit num of mce sysfs files removed on suspend (Prarit Bhargava ) [467725]\n- [xen] console: make LUKS passphrase readable (Bill Burns ) [466240]\n- [x86_64] Calgary IOMMU sysdata fixes (Prarit Bhargava ) [474047]\n- [alsa] select 3stack-dig model for SC CELSIUS R670 (Jaroslav Kysela ) [470449]\n- [ata] libata: lba_28_ok sector off by one (David Milburn ) [464868]\n- [ppc64] fix system calls on Cell entered with XER.SO=1 (Jesse Larrew ) [474196]\n- [block] fix max_segment_size, seg_boundary mask setting (Milan Broz ) [471639]\n- [fs] jbd: alter EIO test to avoid spurious jbd aborts (Eric Sandeen ) [472276]\n- [acpi] acpi_cpufreq: fix panic when removing module (Prarit Bhargava ) [472844]\n- [openib] ehca: fix generating flush work completions (AMEET M. PARANJAPE ) [472812]\n- [ata] libata: sata_nv hard reset mcp55 (David Milburn ) [473152]\n- [misc] fix add return signal to ptrace_report_exec (AMEET M. PARANJAPE ) [471112]\n- [misc] utrace: prevent ptrace_induce_signal() crash (Oleg Nesterov ) [469754]\n- [misc] utrace: make ptrace_state refcountable (Oleg Nesterov ) [469754]\n- [net] virtio_net: mergeable receive buffers (Mark McLoughlin ) [473120]\n- [net] virtio_net: jumbo frame support (Mark McLoughlin ) [473114]\n- [net] tun: jumbo frame support (Mark McLoughlin ) [473110]\n- [net] fix unix sockets kernel panic (Neil Horman ) [470436] {CVE-2008-5029}\n- [xen] x86: emulate movzwl with negative segment offsets (Chris Lalancette ) [471801]\n[2.6.18-125.el5]\n- [net] cxgb3: embed firmware in driver (Andy Gospodarek ) [469774]\n- [net] cxgb3: eeh, lro, and multiqueue fixes (Andy Gospodarek ) [441959]\n- [misc] support for Intels Ibex Peak (peterm@redhat.com ) [472961]\n- [audit] race between inotify watch removal and unmount (Josef Bacik ) [472329] {CVE-2008-5182}\n- [net] mlx4: panic when inducing pci bus error (AMEET M. PARANJAPE ) [472769]\n- [s390] cio: DASD device driver times out (Hans-Joachim Picht ) [459803]\n- [misc] hugepages: ia64 stack overflow and corrupt memory (Larry Woodman ) [472802]\n- [net] niu: fix obscure 64-bit read issue (Andy Gospodarek ) [472849]\n- [x86] nmi_watchdog: call do_nmi_callback from traps-xen (Aristeu Rozanski ) [471111]\n- [GFS2] recovery stuck (Abhijith Das ) [465856]\n- [misc] fix check_dead_utrace vs do_wait() race (Oleg Nesterov ) [466774]\n- [scsi] cciss: add two new PCI IDs (Tom Coughlan ) [471679]\n- [x86] fix memory-less NUMA node booting (Prarit Bhargava ) [471424]\n- [pci] generic fix for EEH restore all registers (Jesse Larrew ) [470580]\n- [net] e1000e: remove fix for EEH restore all registers (Jesse Larrew ) [470580]\n- [agp] use contiguous memory to support xen (Rik van Riel ) [412691]\n- [edac] i5000_edac: fix misc/thermal error messages (Aristeu Rozanski ) [471933]\n- [alsa] fix PCM write blocking (Jaroslav Kysela ) [468202]\n- [xen] build xen-platform-pci as a module (Don Dutile ) [472504]\n- [scsi] qla2xx/qla84xx: failure to establish link (Marcus Barrow ) [472382]\n- [acpi] add systems to GPE register blacklist (Prarit Bhargava ) [471341]\n- [ia64] replace printk with mprintk in MCA/INIT context (Kei Tokunaga ) [471970]\n- [usb] add support for dell keyboard 431c:2003 (Mauro Carvalho Chehab ) [471469]\n- [net] e1000e: enable ECC correction on 82571 silicon (Andy Gospodarek ) [472095]\n- [dlm] fix up memory allocation flags (David Teigland ) [471871]\n- [xen] x86: fix highmem-xen.c BUG() (Chris Lalancette ) [452175]\n- [xen] guest crashes if RTL8139 NIC is only one specified (Don Dutile ) [471110]\n- [net] bnx2: fix oops on call to poll_controller (Neil Horman ) [470625]\n- [scsi] update fcoe drivers (mchristi@redhat.com ) [436051]\n- [net] bnx2: add support for 5716s (Andy Gospodarek ) [471903]\n- [openib] IPoIB: fix oops on fabric events (Doug Ledford ) [471890]\n- [libata] force sb600/700 ide mode into ahci on resume (David Milburn ) [466422]\n- [xen] increase maximum DMA buffer size (Rik van Riel ) [412691]\n- [xen] fix physical memory address overflow (Rik van Riel ) [412691]\n[2.6.18-124.el5]\n- [s390] qeth: EDDP for large TSO skb fragment list (Hans-Joachim Picht ) [468068]\n- [s390] missing bits for audit-fork (Alexander Viro ) [461831]\n- [net] ixgbe: add support for 82598AT (Andy Gospodarek ) [454910]\n- [libata] avoid overflow in ata_tf_read_block (David Milburn ) [471576]\n- [md] dm-mpath: NULL ptr access in path activation code (Milan Broz ) [471393]\n- [scsi] qla2xxx: no NPIV for loop connections (Marcus Barrow ) [471269]\n- [ppc64] spufs: clean up page fault error checking (AMEET M. PARANJAPE ) [470301]\n- [fs] cifs: corrupt data due to interleaved write calls (Jeff Layton ) [470267]\n- [misc] lots of interrupts with /proc/.../hz_timer=0 (Hans-Joachim Picht ) [470289]\n- [selinux] recognize addrlabel netlink messages (Thomas Graf ) [446063]\n- [acpi] thinkpad: fix autoloading (Matthew Garrett ) [466816]\n- [net] bnx2x: eeh, unload, probe, and endian fixes (Andy Gospodarek ) [468922]\n- [firewire] various bug and module unload hang fixes (Jay Fenlason ) [469710 469711]\n[2.6.18-123.el5]\n- [s390] cio: reduce cpu utilization during device scan (Hans-Joachim Picht ) [459793]\n- [s390] cio: fix double unregistering of subchannels (Hans-Joachim Picht ) [456087]\n- [video] uvc: buf overflow in format descriptor parsing (Jay Fenlason ) [470427] {CVE-2008-3496}\n- [usb] add HID_QUIRK_RESET_LEDS to some keyboards (mchehab@infradead.org ) [434538]\n- [acpi] always use 32 bit value for GPE0 on HP xw boxes (Prarit Bhargava ) [456638]\n- [wireless] iwlagn/mac80211 IBSS fixes (John W. Linville ) [438388]\n- [ppc64] cell: fix page fault error checking in spufs (AMEET M. PARANJAPE ) [470301]\n- [input] atkbd: cancel delayed work before freeing struct (Jiri Pirko ) [461233]\n- [openib] ehca: deadlock race when creating small queues (Jesse Larrew ) [470137]\n- [openib] mthca: fix dma mapping leak (AMEET M. PARANJAPE ) [469902]\n- [openib] ib_core: use weak ordering for user memory (AMEET M. PARANJAPE ) [469902]\n- [ppc64] dma-mapping: provide attributes on cell platform (AMEET M. PARANJAPE ) [469902]\n- [net] bnx2: prevent ethtool -r EEH event (AMEET M. PARANJAPE ) [469962]\n- [net] bonding: update docs for arp_ip_target behavior (Andy Gospodarek ) [468870]\n- [xen] uninitialized watch structure can lead to crashes (Don Dutile ) [465849]\n- [openib] ehca: remove ref to QP if port activation fails (AMEET M. PARANJAPE ) [469941]\n- [usb] fix locking for input devices (James Paradis ) [468915]\n- [nfs] oops in direct I/O error handling (Steve Dickson ) [466164]\n- [md] crash in device mapper if the user removes snapshot (Mikulas Patocka ) [468473]\n- [openib] config update: enable some debugging (Doug Ledford ) [469410]\n- [sata] libata is broken with large disks (David Milburn ) [469715]\n- [md] dm-raid1: support extended status output (Jonathan Brassow ) [437177]\n- [s390] qdio: repair timeout handling for qdio_shutdown (Hans-Joachim Picht ) [463164]\n- [openib] race in ipoib_cm_post_receive_nonsrq (AMEET M. PARANJAPE ) [463485]\n- [xen] remove contiguous_bitmap (Chris Lalancette ) [463500]\n- [xen] ia64: backport check_pages_physically_contiguous (Chris Lalancette ) [463500]\n- [ppc64] cell: corrupt SPU coredump notes (AMEET M. PARANJAPE ) [431881]\n- [ppc64] spufs: missing context switch notification log-2 (AMEET M. PARANJAPE ) [462622]\n- [ppc64] spufs: missing context switch notification log-1 (AMEET M. PARANJAPE ) [462622]\n- [misc] spec: add generic Obsoletes for 3rd party drivers (Jon Masters ) [460047]\n- [x86] vDSO: use install_special_mapping (Peter Zijlstra ) [460276] {CVE-2008-3527}\n- [xen] limit node poking to available nodes (Joachim Deguara ) [449803]\n- [xen] live migration of PV guest fails (Don Dutile ) [469230]\n[2.6.18-122.el5]\n- [acpi] check common dmi tables on systems with acpi (Andy Gospodarek ) [469444]\n- [scsi] qla3xxx, qla4xxx: update/use new version format (Marcus Barrow ) [469414]\n- [md] dm-stripe.c: RAID0 event handling (Heinz Mauelshagen ) [437173]\n- [md] dm-raid45.c: add target to makefile (Heinz Mauelshagen ) [437180]\n- [md] dm-raid45.c: revert to RHEL5 dm-io kabi (Heinz Mauelshagen ) [437180]\n- [wireless] iwlwifi: avoid sleep in softirq context (John W. Linville ) [467831]\n- [net] bonding: allow downed interface before mod remove (Andy Gospodarek ) [467244]\n- [acpi] fix boot hang on old systems without _CST methods (Matthew Garrett ) [467927]\n- [scsi] qla2xxx: fix entries in class_device_attributes (Marcus Barrow ) [468873]\n- [ppc64] clock_gettime is not incrementing nanoseconds (AMEET M. PARANJAPE ) [469073]\n- [scsi] add fnic driver (mchristi@redhat.com ) [462385]\n- [scsi] add libfc and software fcoe driver (mchristi@redhat.com ) [436051]\n- [openib] ppc64: fix using SDP on 64K page systems (AMEET M. PARANJAPE ) [468872]\n- [fs] ext4: delay capable checks to avoid avc denials (Eric Sandeen ) [467216]\n- [fs] ext3: fix accessing freed memory in ext3_abort (Eric Sandeen ) [468547]\n- [fs] autofs4: correct offset mount expire check (Ian Kent ) [468187]\n- [fs] autofs4: cleanup autofs mount type usage (Ian Kent ) [468187]\n- [openib] ehca: queue and completion pair setup problem (AMEET M. PARANJAPE ) [468237]\n- [xen] PV: dom0 hang when device re-attached to in guest (Don Dutile ) [467773]\n- [scsi] qla2xxx: correct Atmel flash-part handling (Marcus Barrow ) [468573]\n- [scsi] qla2xxx: 84xx show FW VER and netlink code fixes (Marcus Barrow ) [464681]\n- [scsi] qla2xxx: restore disable by default of MSI, MSI-X (Marcus Barrow ) [468555]\n- [scsi] lpfc: Emulex RHEL-5.3 bugfixes (Tom Coughlan ) [461795]\n- [s390] qdio: speedup multicast on full HiperSocket queue (Hans-Joachim Picht ) [463162]\n- [ppc64] kexec/kdump: disable ptcal on QS21 (AMEET M. PARANJAPE ) [462744]\n- [ppc64] ptcal has to be disabled to use kexec on QS21 (AMEET M. PARANJAPE ) [462744]\n- [net] ixgbe: bring up device without crashing fix (AMEET M. PARANJAPE ) [467777]\n- [fs] ecryptfs: storing crypto info in xattr corrupts mem (Eric Sandeen ) [468192]\n- [misc] rtc: disable SIGIO notification on close (Vitaly Mayatskikh ) [465747]\n- [net] allow rcv on inactive slaves if listener exists (Andy Gospodarek ) [448144]\n- [net] e1000e: update driver to support recovery (AMEET M. PARANJAPE ) [445299]\n- [xen] virtio_net: some relatively minor fixes (Mark McLoughlin ) [468034]\n- [kabi] add dlm_posix_set_fsid (Jon Masters ) [468538]\n- [wireless] iwlwifi: fix busted tkip encryption _again_ (John W. Linville ) [467831]\n- [x86] make halt -f command work correctly (Ivan Vecera ) [413921]\n- [ppc64] EEH PCI-E: recovery fails E1000; support MSI (AMEET M. PARANJAPE ) [445299]\n- [x86_64] create a fallback for IBM Calgary (Pete Zaitcev ) [453680]\n- [drm] i915 driver arbitrary ioremap (Eugene Teo ) [464509] {CVE-2008-3831}\n- [xen] x86: allow the kernel to boot on pre-64 bit hw (Chris Lalancette ) [468083]\n[2.6.18-121.el5]\n- [net] tun: fix printk warning (Mark McLoughlin ) [468536]\n- [xen] FV: fix lockdep warnings when running debug kernel (Don Dutile ) [459876]\n- [xen] fix crash on IRQ exhaustion (Bill Burns ) [442736]\n- [net] ipv4: fix byte value boundary check (Jiri Pirko ) [468148]\n- [ia64] fix ptrace hangs when following threads (Denys Vlasenko ) [461456]\n- [net] tcp: let skbs grow over a page on fast peers (Mark McLoughlin ) [467845]\n- [md] random memory corruption in snapshots (Mikulas Patocka ) [465825]\n- [misc] ptrace: fix exec report (Jerome Marchand ) [455060]\n- [gfs2] set gfp for data mappings to GFP_NOFS (Steven Whitehouse ) [467689]\n- [nfs] remove recoverable BUG_ON (Steve Dickson ) [458774]\n- [openib] ehca: attempt to free srq when none exists (AMEET M. PARANJAPE ) [463487]\n- [fs] dont allow splice to files opened with O_APPEND (Eugene Teo ) [466710] {CVE-2008-4554}\n- [fs] ext4: add missing aops (Eric Sandeen ) [466246]\n- [ppc64] add missing symbols to vmcoreinfo (Neil Horman ) [465396]\n- [net] sctp: INIT-ACK indicates no AUTH peer support oops (Eugene Teo ) [466082] {CVE-2008-4576}\n- [ppc64] fix race for a free SPU (AMEET M. PARANJAPE ) [465581]\n- [ppc64] SPUs hang when run with affinity-2 (AMEET M. PARANJAPE ) [464686]\n- [ppc64] SPUs hang when run with affinity-1 (AMEET M. PARANJAPE ) [464686]\n- [openib] ehca: add flush CQE generation (AMEET M. PARANJAPE ) [462619]\n- [x86] PAE: limit RAM to 64GB/PAE36 (Larry Woodman ) [465373]\n- [nfs] portmap client race (Steve Dickson ) [462332]\n- [input] atkbd: delay executing of LED switching request (Jiri Pirko ) [461233]\n- [x86] powernow_k8: depend on newer version of cpuspeed (Brian Maly ) [468764]\n- [fs] ext4: fix warning on x86_64 build (Eric Sandeen ) [463277]\n- [crypto] fix ipsec crash with MAC longer than 16 bytes (Neil Horman ) [459812]\n- [fs] ecryptfs: depend on newer version of ecryptfs-utils (Eric Sandeen ) [468772]\n- [ppc64] support O_NONBLOCK in /proc/ppc64/rtas/error_log (Vitaly Mayatskikh ) [376831]\n- [xen] ia64: make viosapic SMP-safe by adding lock/unlock (Tetsu Yamamoto ) [466552]\n- [xen] ia64: VT-i2 performance restoration (Bill Burns ) [467487]\n[2.6.18-120.el5]\n- [misc] futex: fixup futex compat for private futexes (Peter Zijlstra ) [467459]\n- [pci] set domain/node to 0 in PCI BIOS enum code path (Prarit Bhargava ) [463418]\n- [scsi] qla2xxx: prevent NPIV conf for older hbas (Marcus Barrow ) [467153]\n- [scsi] fix oops after trying to removing rport twice (Marcus Barrow ) [465945]\n- [agp] re-introduce 82G965 graphics support (Prarit Bhargava ) [466307]\n- [agp] correct bug in stolen size calculations (Dave Airlie ) [463853]\n- [scsi] qla2xxx: merge errors caused initialize failures (Marcus Barrow ) [442946]\n- [dm] mpath: moving path activation to workqueue panics (Milan Broz ) [465570]\n- [scsi] aacraid: remove some quirk AAC_QUIRK_SCSI_32 bits (Tomas Henzl ) [453472]\n- Revert: [ppc64] compile and include the addnote binary (Don Zickus ) [462663]\n- [scsi] cciss: the output of LUN size and type wrong (Tomas Henzl ) [466030]\n- [misc] posix-timers: event vs dequeue_signal() race (Mark McLoughlin ) [466167]\n- [ata] libata: ahci enclosure management support (David Milburn ) [437190]\n- [gfs2] fix jdata page invalidation (Steven Whitehouse ) [437803]\n- [net] sky2: fix hang resulting from link flap (Neil Horman ) [461681]\n- [ata] libata: ata_piix sata/ide combined mode fix (David Milburn ) [463716]\n- [gfs2] fix for noatime support (Steven Whitehouse ) [462579]\n- [fs] remove SUID when splicing into an inode (Eric Sandeen ) [464452]\n- [fs] open() allows setgid bit when user is not in group (Eugene Teo ) [463687] {CVE-2008-4210}\n- [dlm] add old plock interface (David Teigland ) [462354]\n- [audit] fix NUL handling in TTY input auditing (Miloslav Trmac ) [462441]\n- [xen] ia64: fix INIT injection (Tetsu Yamamoto ) [464445]\n[2.6.18-119.el5]\n- [ppc64] compile and include the addnote binary (Don Zickus ) [462663]\n- [scsi] qla2xxx: new version string defintion (Marcus Barrow ) [465023]\n- [acpi] configs update for acpi-cpufreq driver (Matthew Garrett ) [449787]\n[2.6.18-118.el5]\n- [scsi] fix QUEUE_FULL retry handling (mchristi@redhat.com ) [463709]\n- [drm] support for Intel Cantiga and Eaglelake (Dave Airlie ) [438400]\n- [agp] add support for Intel Cantiga and Eaglelake (Dave Airlie ) [463853]\n- Revert: [mm] fix support for fast get user pages (Dave Airlie ) [447649]\n- [ppc64] netboot image too large (Ameet Paranjape ) [462663]\n- [scsi] scsi_error: retry cmd handling of transport error (mchristi@redhat.com ) [463206]\n- [net] correct mode setting for extended sysctl interface (Neil Horman ) [463659]\n- [net] e1000e: protect ICHx NVM from malicious write/erase (Andy Gospodarek ) [463503]\n- [s390] qdio: fix module ref counting in qdio_free (Hans-Joachim Picht ) [458074]\n- [scsi] qla2xxx: use the NPIV table to instantiate port (Marcus Barrow ) [459015]\n- [scsi] qla2xxx: use the Flash Layout Table (Marcus Barrow ) [459015]\n- [scsi] qla2xxx: use the Flash Descriptor Table (Marcus Barrow ) [459015]\n- [net] enic: add new 10GbE device (Andy Gospodarek ) [462386]\n- [net] ipt_CLUSTERIP: fix imbalanced ref count (Neil Horman ) [382491]\n- [scsi] qla2xxx: update 24xx,25xx firmware for RHEL-5.3 (Marcus Barrow ) [442946]\n- [net] bnx2: fix problems with multiqueue receive (Andy Gospodarek ) [441964]\n- [net] e1000: add module param to set tx descriptor power (Andy Gospodarek ) [436966]\n- [misc] preempt-notifier fixes (Eduardo Habkost ) [459838]\n- [tty] termiox support missing mutex lock (aris ) [445211]\n- [fs] ecryptfs: off-by-one writing null to end of string (Eric Sandeen ) [463478]\n- [misc] add tracepoints to activate/deactivate_task (Jason Baron ) [461966]\n- [scsi] qla2xxx: use rport dev loss timeout consistently (Marcus Barrow ) [462109]\n- [ata] libata: rmmod pata_sil680 hangs (David Milburn ) [462743]\n- [scsi] qla2xxx: support PCI Enhanced Error Recovery (Marcus Barrow ) [462416]\n- [ppc64] subpage protection for pAVE (Brad Peters ) [439489]\n- [ppc64] edac: enable for cell platform (Brad Peters ) [439507]\n[2.6.18-117.el5]\n- [mm] filemap: fix iov_base data corruption (Josef Bacik ) [463134]\n- Revert: [misc] create a kernel checksum file per FIPS140-2 (Don Zickus ) [444632]\n- [x86_64] NMI wd: clear perf counter registers on P4 (Aristeu Rozanski ) [461671]\n- [scsi] failfast bit setting in dm-multipath/multipath (mchristi@redhat.com ) [463470]\n- [scsi] fix hang introduced by failfast changes (Mark McLoughlin ) [463416]\n- [x86_64] revert time syscall changes (Prarit Bhargava ) [461184]\n[2.6.18-116.el5]\n- [x86] mm: fix endless page faults in mount_block_root (Larry Woodman ) [455491]\n- [mm] check physical address range in ioremap (Larry Woodman ) [455478]\n- [scsi] modify failfast so it does not always fail fast (mchristi@redhat.com ) [447586]\n- Revert: [mm] NUMA: system is slow when over-committing memory (Larry Woodman ) [457264]\n- [docs] update kernel-parameters with tick-divider (Chris Lalancette ) [454792]\n- [openib] add an enum for future RDS support (Doug Ledford ) [462551]\n- [pci] allow multiple calls to pcim_enable_device (John Feeney ) [462500]\n- [xen] virtio: include headers in kernel-headers package (Eduardo Pereira Habkost ) [446214]\n- [scsi] libiscsi: data corruption when resending packets (mchristi@redhat.com ) [460158]\n- [gfs2] glock deadlock in page fault path (Bob Peterson ) [458684]\n- [gfs2] panic if you misspell any mount options (Abhijith Das ) [231369]\n- [xen] allow guests to hide the TSC from applications (Chris Lalancette ) [378481] {CVE-2007-5907}\n[2.6.18-115.el5]\n- [scsi] qla2xxx: additional residual-count correction (Marcus Barrow ) [462117]\n- [audit] audit-fork patch (Alexander Viro ) [461831]\n- [net] ipv6: extra sysctls for additional TAHI tests (Neil Horman ) [458270]\n- [nfs] disable the fsc mount option (Steve Dickson ) [447474]\n- [acpi] correctly allow WoL from S4 state (Neil Horman ) [445890]\n- [ia64] procfs: show the size of page table cache (Takao Indoh ) [458410]\n- [ia64] procfs: reduce the size of page table cache (Takao Indoh ) [458410]\n- [fs] ecryptfs: disallow mounts on nfs, cifs, ecryptfs (Eric Sandeen ) [435115]\n- [md] add device-mapper message parser interface (heinzm@redhat.com ) [437180]\n- [md] add device-mapper RAID4/5 stripe locking interface (heinzm@redhat.com ) [437180]\n- [md] add device-mapper dirty region hash file (heinzm@redhat.com ) [437180]\n- [md] add device-mapper object memory cache interface (heinzm@redhat.com ) [437180]\n- [md] add device-mapper object memory cache (heinzm@redhat.com ) [437180]\n- [md] export dm_disk and dm_put (heinzm@redhat.com ) [437180]\n- [md] add device-mapper RAID4/5 target (heinzm@redhat.com ) [437180]\n- [md] add device-mapper message parser (heinzm@redhat.com ) [437180]\n- [md] add device mapper dirty region hash (heinzm@redhat.com ) [437180]\n- [md] add config option for dm RAID4/5 target (heinzm@redhat.com ) [437180]\n- [scsi] qla2xxx: update 8.02.00-k5 to 8.02.00-k6 (Marcus Barrow ) [459722]\n- [kabi] add vscnprintf, down_write_trylock to whitelist (Jon Masters ) [425341]\n- [kabi] add dlm_posix_get/lock/unlock to whitelist (Jon Masters ) [456169]\n- [kabi] add mtrr_add and mtrr_del to whitelist (Jon Masters ) [437129]\n- [kabi] add iounmap to whitelist (Jon Masters ) [435144]\n- [x86] make powernow_k8 a module (Brian Maly ) [438835]\n- [fs] ecryptfs: delay lower file opens until needed (Eric Sandeen ) [429142]\n- [fs] ecryptfs: unaligned access helpers (Eric Sandeen ) [457143]\n- [fs] ecryptfs: string copy cleanup (Eric Sandeen ) [457143]\n- [fs] ecryptfs: discard ecryptfsd registration messages (Eric Sandeen ) [457143]\n- [fs] ecryptfs: privileged kthread for lower file opens (Eric Sandeen ) [457143]\n- [fs] ecryptfs: propagate key errors up at mount time (Eric Sandeen ) [440413]\n- [fs] ecryptfs: update to 2.6.26 codebase (Eric Sandeen ) [449668]\n- Revert [misc] fix wrong test in wait_task_stopped (Anton Arapov ) [382211]\n[2.6.18-114.el5]\n- [xen] cpufreq: fix Nehalem/Supermicro systems (Rik van Riel ) [458894]\n- [net] enable TSO if supported by at least one device (Herbert Xu ) [461866]\n- [crypto] fix panic in hmac self test (Neil Horman ) [461537]\n- [scsi] qla2xxx/qla84xx: update to upstream for RHEL-5.3 (Marcus Barrow ) [461414]\n- [misc] hpilo: cleanup device_create for RHEL-5.3 (tcamuso@redhat.com ) [437212]\n- [misc] hpilo: update driver to 0.5 (tcamuso@redhat.com ) [437212]\n- [misc] hpilo: update to upstream 2.6.27 (tcamuso@redhat.com ) [437212]\n- [misc] futex: private futexes (Peter Zijlstra ) [460593]\n- [misc] preempt-notifiers implementation (Eduardo Habkost ) [459838]\n- [scsi] fusion: update to version 3.04.07 (Tomas Henzl ) [442025]\n- [fs] ext4/vfs/mm: core delalloc support (Eric Sandeen ) [455452]\n- [net] r8169: add support and fixes (Ivan Vecera ) [251252 441626 442635 443623 452761 453563 457892]\n- [md] LVM raid-1 performance fixes (Mikulas Patocka ) [438153]\n- [md] LVM raid-1 performance fixes (Mikulas Patocka ) [438153]\n- [xen] kdump: ability to use makedumpfile with vmcoreinfo (Neil Horman ) [454498]\n- [scsi] aic79xx: reset HBA on kdump kernel boot (Neil Horman ) [458620]\n- [fs] implement fallocate syscall (Eric Sandeen ) [450566]\n- [misc] better clarify package descriptions (Don Zickus ) [249726]\n- [audit] audit TTY input (Miloslav Trmac ) [244135]\n- [scsi] qla2xxx - mgmt. API for FCoE, NetLink (Marcus Barrow ) [456900]\n- [scsi] qla2xxx - mgmt. API, CT pass thru (Marcus Barrow ) [455900]\n- [misc] hrtimer optimize softirq (George Beshers ) [442148]\n- [misc] holdoffs in hrtimer_run_queues (George Beshers ) [442148]\n- [xen] netfront xenbus race (Markus Armbruster ) [453574]\n- [gfs2] NFSv4 delegations fix for cluster systems (Brad Peters ) [433256]\n- [scsi] qla2xxx: update 8.02.00-k1 to 8.02.00.k4 (Marcus Barrow ) [455264]\n- [scsi] qla2xxx: upstream changes from 8.01.07-k7 (Marcus Barrow ) [453685]\n- [scsi] qla2xxx: add more statistics (Marcus Barrow ) [453441]\n- [scsi] qla2xxx: add ISP84XX support (Marcus Barrow ) [442083]\n- [ia64] set default max_purges=1 regardless of PAL return (Luming Yu ) [451593]\n- [ia64] param for max num of concurrent global TLB purges (Luming Yu ) [451593]\n- [ia64] multiple outstanding ptc.g instruction support (Luming Yu ) [451593]\n- [scsi] ST: buffer size doesnt match block size panics (Ivan Vecera ) [443645]\n- [scsi] fix medium error handling with bad devices (Mike Christie ) [431365]\n- [xen] ia64: VT-i2 performance addendum (Bill Burns ) [437096]\n- [xen] HV: ability to use makedumpfile with vmcoreinfo (Neil Horman ) [454498]\n- [xen] ia64: vps save restore patch (Bill Burns ) [437096]\n[2.6.18-113.el5]\n- [xen] remove /proc/xen*/* from bare-metal and FV guests (Don Dutile ) [461532]\n[2.6.18-112.el5]\n- [fs] jbd: test BH_write_EIO to detect errors on metadata (Hideo AOKI ) [439581]\n- [wireless] rt2x00: avoid NULL-ptr deref when probe fails (John W. Linville ) [448763]\n- [x86_64] suspend to disk fails with >4GB of RAM (Matthew Garrett ) [459980]\n- [char] add range_is_allowed check to mmap_mem (Eugene Teo ) [460857]\n- [acpi] add 3.0 _TSD _TPC _TSS _PTC throttling support (Brian Maly ) [440099]\n- [scsi] add scsi device handlers config options (Mike Christie ) [438761]\n- [scsi] scsi_dh: add ALUA handler (mchristi@redhat.com ) [438761]\n- [scsi] scsi_dh: add rdac handler (mchristi@redhat.com ) [438761]\n- [md] dm-mpath: use SCSI device handler (mchristi@redhat.com ) [438761]\n- [scsi] add infrastructure for SCSI Device Handlers (mchristi@redhat.com ) [438761]\n- [misc] driver core: port bus notifiers (mchristi@redhat.com ) [438761]\n- [fs] binfmt_misc: avoid potential kernel stack overflow (Vitaly Mayatskikh ) [459463]\n- [CRYPTO] tcrypt: Change the XTEA test vectors (Herbert Xu ) [446522]\n- [CRYPTO] skcipher: Use RNG instead of get_random_bytes (Herbert Xu ) [446526]\n- [CRYPTO] rng: RNG interface and implementation (Herbert Xu ) [446526]\n- [CRYPTO] api: Add fips_enable flag (Herbert Xu ) [444634]\n- [CRYPTO] cryptomgr - Test ciphers using ECB (Herbert Xu ) [446522]\n- [CRYPTO] api - Use test infrastructure (Herbert Xu ) [446522]\n- [CRYPTO] cryptomgr - Add test infrastructure (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt - Add alg_test interface (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: self test for des3_ebe cipher (Herbert Xu ) [446522]\n- [CRYPTO] api: missing accessors for new crypto_alg field (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: Abort and only log if there is an error (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: Avoid using contiguous pages (Herbert Xu ) [446522]\n- [CRYPTO] tcrpyt: Remove unnecessary kmap/kunmap calls (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: Catch cipher destination mem corruption (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: Shrink the tcrypt module (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: AES CBC test vector from NIST SP800-38A (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: Change the usage of the test vectors (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: Shrink speed templates (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: Group common speed templates (Herbert Xu ) [446522]\n- [fs] jdb: fix error handling for checkpoint I/O (Hideo AOKI ) [439581]\n- [fs] ext3: add checks for errors from jbd (Hideo AOKI ) [439581]\n- [fs] jbd: fix commit code to properly abort journal (Hideo AOKI ) [439581]\n- [fs] jbd: dont dirty original metadata buffer on abort (Hideo AOKI ) [439581]\n- [fs] jdb: abort when failed to log metadata buffers (Hideo AOKI ) [439581]\n- [fs] ext3: dont read inode block if buf has write error (Hideo AOKI ) [439581]\n- [fs] jdb: add missing error checks for file data writes (Hideo AOKI ) [439581]\n- [net] tun: add IFF_VNET_HDR, TUNGETFEATURES, TUNGETIFF (Herbert Xu ) [459719]\n- [acpi] increase deep idle state residency on platforms-2 (Matthew Garrett ) [455449]\n- [acpi] increase deep idle state residency on platforms (Matthew Garrett ) [455447]\n- [acpi] cpufreq: update to upstream for RHEL-5.3 (Matthew Garrett ) [449787]\n- [acpi] thinkpad_acpi: update to upstream for RHEL-5.3 (Matthew Garrett ) [457101]\n- [xen] fix crash on IRQ exhaustion and increase NR_IRQS (Bill Burns ) [442736]\n- [ide] enable DRAC4 (John Feeney ) [459197]\n- [md] move include files to include/linux for exposure (Jonathan Brassow ) [429337]\n- [md] expose dm.h macros (Jonathan Brassow ) [429337]\n- [md] remove internal mod refs fields from interface (Jonathan Brassow ) [429337]\n- [md] dm-log: move register functions (Jonathan Brassow ) [429337]\n- [md] dm-log: clean interface (Jonathan Brassow ) [429337]\n- [md] clean up the dm-io interface (Jonathan Brassow ) [429337]\n- [md] dm-log: move dirty log into separate module (Jonathan Brassow ) [429337]\n- [md] device-mapper interface exposure (Jonathan Brassow ) [429337]\n- [cifs] enable SPNEGO and DFS upcalls in config-generic (Jeff Layton ) [453462]\n- [fs] cifs: latest upstream for RHEL-5.3 (Jeff Layton ) [453462 431868 443395 445522 446142 447400]\n- [fs] introduce a function to register iget failure (Jeff Layton ) [453462]\n- [fs] proc: fix ->openless usage due to ->proc_fops flip (Jeff Layton ) [453462]\n- [security] key: fix lockdep warning when revoking auth (Jeff Layton ) [453462]\n- [security] key: increase payload size when instantiating (Jeff Layton ) [453462]\n- [fs] call flush_disk after detecting an online resize (Jeff Moyer ) [444964]\n- [fs] add flush_disk to flush out common buffer cache (Jeff Moyer ) [444964]\n- [fs] check for device resize when rescanning partitions (Jeff Moyer ) [444964]\n- [fs] adjust block device size after an online resize (Jeff Moyer ) [444964]\n- [fs] wrapper for lower-level revalidate_disk routines (Jeff Moyer ) [444964]\n- [scsi] sd: revalidate_disk wrapper (Jeff Moyer ) [444964]\n- [xen] virtio: add PV network and block drivers for KVM (Mark McLoughlin ) [446214]\n- [misc] remove MAX_ARG_PAGES limit: var length argument (Jerome Marchand ) [443659]\n- [misc] remove MAX_ARG_PAGES limit: rework execve audit (Jerome Marchand ) [443659]\n- [misc] remove MAX_ARG_PAGES limit: independent stack top (Jerome Marchand ) [443659]\n- [ia64] kprobes: support kprobe-booster (Masami Hiramatsu ) [438733]\n- [audit] fix compile when CONFIG_AUDITSYSCALL is disabled (Prarit Bhargava ) [452577]\n- [nfs] v4: handle old format exports gracefully (Brad Peters ) [427424]\n- [xen] x86: fix building with max_phys_cpus=128 (Bill Burns ) [447958]\n- [xen] Intel EPT 2MB patch (Bill Burns ) [426679]\n- [xen] Intel EPT Migration patch (Bill Burns ) [426679]\n- [xen] Intel EPT Patch (Bill Burns ) [426679]\n- [xen] Intel pre EPT Patch (Bill Burns ) [426679]\n- [xen] AMD 2MB backing pages support (Bhavna Sarathy ) [251980]\n[2.6.18-111.el5]\n- [ia64] kabi: remove sn symbols from whitelist (Jon Masters ) [455308]\n- [net] bnx2x: update to upstream version 1.45.21 (Andy Gospodarek ) [442026]\n- [net] cxgb3: updates and lro fixes (Andy Gospodarek ) [441959]\n- [net] niu: enable support for Sun Neptune cards (Andy Gospodarek ) [441416]\n- [scsi] scsi_host_lookup: error returns and NULL pointers (Tom Coughlan ) [460195]\n- [scsi] scsi_netlink: transport/LLD receive/event support (Tom Coughlan ) [460195]\n- [misc] install correct kernel chksum file for FIPS140-2 (Chris Lalancette ) [444632]\n- [net] ixgbe: update to version 1.3.18-k4 (Andy Gospodarek ) [436044]\n- [dlm] fix address compare (David Teigland ) [459585]\n- [net] bonding: fix locking in 802.3ad mode (Andy Gospodarek ) [457300]\n- [openib] OFED-1.3.2-pre update (Doug Ledford ) [439565 443476 453110 458886 459052 458375 459052 230035 460623]\n- [md] dm snapshot: use per device mempools (Mikulas Patocka ) [460846]\n- [md] dm kcopyd: private mempool (Mikulas Patocka ) [460845]\n- [md] deadlock with nested LVMs (Mikulas Patocka ) [460845]\n- [net] skge: dont clear MC state on link down (Andy Gospodarek ) [406051]\n- [net] sky2: re-enable 88E8056 for most motherboards (Andy Gospodarek ) [420961]\n- [net] update myri10ge 10Gbs ethernet driver (Flavio Leitner ) [357191]\n- [net] bnx2: update to upstream version 1.7.9 (Andy Gospodarek ) [441964]\n- [net] e1000e: update to upstream version 0.3.3.3-k2 (Andy Gospodarek ) [436045]\n- [net] tg3: update to upstream version 3.93 (Andy Gospodarek ) [441975 440958 436686]\n- [net] igb: update to upstream version 1.2.45-k2 (Andy Gospodarek ) [436040]\n- [misc] intel: new SATA, USB, HD Audio and I2C(SMBUS) ids (John Villalovos ) [433538]\n- [net] bnx2x: update to upstream version 1.45.20 (Andy Gospodarek ) [442026]\n- [net] ixgb: hardware support and other upstream fixes (Andy Gospodarek ) [441609]\n- [x86] amd oprofile: support instruction based sampling (Bhavna Sarathy ) [438385]\n- [scsi] cciss: support for sg_ioctl (Tomas Henzl ) [250483]\n- [scsi] cciss: support for new controllers (Tomas Henzl ) [437497 447427]\n- [net] pppoe: check packet length on all receive paths (Jiri Pirko ) [457013]\n- [scsi] iscsi: fix nop timeout detection (mchristi@redhat.com ) [453969]\n- [scsi] lpfc: update to version 8.2.0.30 (Tom Coughlan ) [441746]\n- [md] fix handling of sense buffer in eh commands (Doug Ledford ) [441640]\n- [md] fix error propogation in raid arrays (Doug Ledford ) [430984]\n- [md] dm: reject barrier requests (Milan Broz ) [458936]\n- [scsi] 3w-9xxx: update to version 2.26.08.003 (Tomas Henzl ) [451946]\n- [scsi] 3w-xxxx: update to version 1.26.03.000 (Tomas Henzl ) [451945]\n- [scsi] megaraid_sas: update to version 4.01-rh1 (Tomas Henzl ) [442913]\n- [md] dm snapshot: fix race during exception creation (Mikulas Patocka ) [459337]\n- [md] dm-snapshots: race condition and data corruption (Mikulas Patocka ) [459337]\n- [md] dm crypt: use cond_resched (Milan Broz ) [459095]\n- [md] dm mpath: fix bugs in error paths (Milan Broz ) [459092]\n- [mm] fix support for fast get user pages (Ed Pollard ) [447649]\n- [xen] ia64 PV: config file changes to add support (Don Dutile ) [442991]\n- [xen] ia64 PV: Kconfig additions (Don Dutile ) [442991]\n- [xen] ia64 PV: Makefile changes (Don Dutile ) [442991]\n- [xen] ia64 PV: shared used header file changes (Don Dutile ) [442991]\n- [IA64] Correct pernodesize calculation (George Beshers ) [455308]\n- [IA64] Fix large MCA bootmem allocation (George Beshers ) [455308]\n- [IA64] Disable/re-enable CPE interrupts on Altix (George Beshers ) [455308]\n- [IA64] Dont set psr.ic and psr.i simultaneously (George Beshers ) [455308]\n- [IA64] Support multiple CPUs going through OS_MCA (George Beshers ) [455308]\n- [IA64] Remove needless delay in MCA rendezvous (George Beshers ) [455308]\n- [IA64] Clean up CPE handler registration (George Beshers ) [455308]\n- [IA64] CMC/CPE: Reverse fetching log and checking poll (George Beshers ) [455308]\n- [IA64] Force error to surface in nofault code (George Beshers ) [455308]\n- [IA64] Fix Altix BTE error return status (George Beshers ) [455308]\n- [IA64] BTE error timer fix (George Beshers ) [455308]\n- [IA64] Update processor_info features (George Beshers ) [455308]\n- [IA64] More Itanium PAL spec updates (George Beshers ) [455308]\n- [IA64] Add se bit to Processor State Parameter structure (George Beshers ) [455308]\n- [IA64] Add dp bit to cache and bus check structs (George Beshers ) [455308]\n- [IA64] PAL calls need physical mode, stacked (George Beshers ) [455308]\n- [IA64] Cache error recovery (George Beshers ) [455308]\n- [IA64] handle TLB errors from duplicate itr.d dropins (George Beshers ) [455308]\n- [IA64] MCA recovery: Montecito support (George Beshers ) [455308]\n[2.6.18-110.el5]\n- [x86_64] use strncmp for memmap=exactmap boot argument (Prarit Bhargava ) [450244]\n- [wireless] compiler warning fixes for mac80211 update (John W. Linville ) [438391]\n- [serial] 8250: support for DTR/DSR hardware flow control (Aristeu Rozanski ) [445215]\n- [tty] add termiox support (Aristeu Rozanski ) [445211]\n- [vt] add shutdown method (Aristeu Rozanski ) [239604]\n- [tty] add shutdown method (Aristeu Rozanski ) [239604]\n- [tty] cleanup release_mem (Aristeu Rozanski ) [239604]\n- [mm] keep pagefault from happening under page lock (Josef Bacik ) [445433]\n- [wireless] iwlwifi: post-2.6.27-rc3 to support iwl5x00 (John W. Linville ) [438388]\n- [net] random32: seeding improvement (Jiri Pirko ) [458019]\n- [usb] work around ISO transfers in SB700 (Pete Zaitcev ) [457723]\n- [x86_64] AMD 8-socket APICID patches (Prarit Bhargava ) [459813]\n- [misc] make printk more robust against kexec shutdowns (Neil Horman ) [458368]\n- [fs] ext4: backport to rhel5.3 interfaces (Eric Sandeen ) [458718]\n- [fs] ext4: Kconfig/Makefile/config glue (Eric Sandeen ) [458718]\n- [fs] ext4: fixes from upstream pending patch queue (Eric Sandeen ) [458718]\n- [fs] ext4: revert delalloc upstream mods (Eric Sandeen ) [458718]\n- [fs] ext4: 2.6.27-rc3 upstream codebase (Eric Sandeen ) [458718]\n- [fs] ext4: new s390 bitops (Eric Sandeen ) [459436]\n- [usb] wacom: add support for Cintiq 20WSX (Aristeu Rozanski ) [248903]\n- [usb] wacom: add support for Intuos3 4x6 (Aristeu Rozanski ) [370471]\n- [usb] wacom: fix maximum distance values (Aristeu Rozanski ) [248903]\n- [x86] hpet: consolidate assignment of hpet_period (Brian Maly ) [435726]\n- [openib] lost interrupt after LPAR to LPAR communication (Brad Peters ) [457838]\n- [firmware] fix ibft offset calculation (mchristi@redhat.com ) [444776]\n- [block] performance fix for too many physical devices (Mikulas Patocka ) [459527]\n- [ide] Fix issue when appending data on an existing DVD (Mauro Carvalho Chehab ) [457025]\n- [misc] fix kernel builds on modern userland (Matthew Garrett ) [461540]\n- [x86_64] AMD IOMMU driver support (Bhavna Sarathy ) [251970]\n- [x86_64] GART iommu alignment fixes (Prarit Bhargava ) [455813]\n- [firewire] latest upstream snapshot for RHEL-5.3 (Jay Fenlason ) [449520 430300 429950 429951]\n- [net] ipv6: configurable address selection policy table (Neil Horman ) [446063]\n- [fs] relayfs: support larger on-memory buffer (Masami Hiramatsu ) [439269]\n- [xen] ia64: speed up hypercall for guest domain creation (Tetsu Yamamoto ) [456171]\n- [xen] make last processed event channel a per-cpu var (Tetsu Yamamoto ) [456171]\n- [xen] process event channel notifications in round-robin (Tetsu Yamamoto ) [456171]\n- [xen] use unlocked_ioctl in evtchn, gntdev and privcmd (Tetsu Yamamoto ) [456171]\n- [xen] disallow nested event delivery (Tetsu Yamamoto ) [456171]\n- [ppc64] spu: add cpufreq governor (Ed Pollard ) [442410]\n- [misc] cleanup header warnings and enable header check (Don Zickus ) [458360]\n- [mm] NUMA: over-committing memory compiler warnings (Larry Woodman ) [457264]\n- [misc] mmtimer: fixes for high resolution timers (George Beshers ) [442186]\n- [x86_64] xen: local DOS due to NT bit leakage (Eugene Teo ) [457722] {CVE-2006-5755}\n- [xen] ia64: mark resource list functions __devinit (Tetsu Yamamoto ) [430219]\n- [xen] ia64: issue ioremap HC in pci_acpi_scan_root (Tetsu Yamamoto ) [430219]\n- [xen] ia64: revert paravirt to ioremap /proc/pci (Tetsu Yamamoto ) [430219]\n- [xen] ia64: disable paravirt to remap /dev/mem (Tetsu Yamamoto ) [430219]\n- [x86_64] kprobe: kprobe-booster and return probe-booster (Masami Hiramatsu ) [438725]\n- [xen] NUMA: extend physinfo sysctl to export topo info (Tetsu Yamamoto ) [454711]\n- [xen] ia64: kludge for XEN_GUEST_HANDLE_64 (Tetsu Yamamoto ) [454711]\n- [xen] ia64: NUMA support (Tetsu Yamamoto ) [454711]\n- [misc] pipe support to /proc/sys/net/core_pattern (Neil Horman ) [410871]\n- [xen] ia64: fix and cleanup move to psr (Tetsu Yamamoto ) [447453]\n- [xen] ia64: turn off psr.i after PAL_HALT_LIGHT (Tetsu Yamamoto ) [447453]\n- [xen] ia64: fix ia64_leave_kernel (Tetsu Yamamoto ) [447453]\n- [xen] page scrub: serialise softirq with a new lock (Tetsu Yamamoto ) [456171]\n- [xen] serialize scrubbing pages (Tetsu Yamamoto ) [456171]\n- [xen] ia64: dont warn for EOI-ing edge triggered intr (Tetsu Yamamoto ) [430219]\n- [xen] ia64: remove regNaT fault message (Tetsu Yamamoto ) [430219]\n- [xen] ia64: suppress warning of __assign_domain_page (Tetsu Yamamoto ) [430219]\n- [xen] ia64: remove annoying log message (Tetsu Yamamoto ) [430219]\n- [xen] ia64: quieter Xen boot (Tetsu Yamamoto ) [430219]\n- [xen] ia64: quiet lookup_domain_mpa when domain is dying (Tetsu Yamamoto ) [430219]\n- [xen] ia64: fix XEN_SYSCTL_physinfo to handle NUMA info (Tetsu Yamamoto ) [454711]\n- [xen] ia64: fixup physinfo (Tetsu Yamamoto ) [454711]\n[2.6.18-109.el5]\n- [misc] cpufreq: fix format string bug (Vitaly Mayatskikh ) [459460]\n- [x86_64] perfctr: dont use CCCR_OVF_PMI1 on Pentium 4 Ds (Aristeu Rozanski ) [447618]\n- [wireless] iwlwifi: fix busted tkip encryption (John W. Linville ) [438388]\n- [wireless] ath5k: fixup Kconfig mess from update (John W. Linville ) [445578]\n- [fs] cifs: fix O_APPEND on directio mounts (Jeff Layton ) [460063]\n- [ia64] oprofile: recognize Montvale cpu as Itanium2 (Dave Anderson ) [452588]\n- [block] aoe: use use bio->bi_idx to avoid panic (Tom Coughlan ) [440506]\n- [x86] make bare-metal oprofile recognize other platforms (Markus Armbruster ) [458441]\n- [scsi] areca: update for RHEL-5.3 (Tomas Henzl ) [436068]\n- [sata] prep work for rhel5.3 (David Milburn ) [439247 445727 450962 451586 455445]\n- [sata] update driver to 2.6.26-rc5 (David Milburn ) [439247 442906 445727 450962 451586 455445 459197]\n- [openib] race between QP async handler and destroy_qp (Brad Peters ) [446109]\n- [mm] dont use large pages to map the first 2/4MB of mem (Larry Woodman ) [455504]\n- [mm] holdoffs in refresh_cpu_vm_stats using latency test (George Beshers ) [447654]\n- [ppc64] cell spufs: fix HugeTLB (Brad Peters ) [439483]\n- [ppc64] cell spufs: update with post 2.6.25 patches (Brad Peters ) [439483]\n- [xen] ia64 oprofile: recognize Montvale cpu as Itanium2 (Dave Anderson ) [452588]\n- [xen] x86: make xenoprof recognize other platforms (Markus Armbruster ) [458441]\n[2.6.18-108.el5]\n- [net] NetXen: remove performance optimization fix (Tony Camuso ) [457958]\n- [net] NetXen: update to upstream 2.6.27 (tcamuso@redhat.com ) [457958]\n- [net] NetXen: fixes from upstream 2.6.27 (tcamuso@redhat.com ) [457958]\n- [net] NetXen: cleanups from upstream 2.6.27 (tcamuso@redhat.com ) [457958]\n- [fs] anon_inodes implementation (Eduardo Habkost ) [459835]\n- [x86] PCI domain support (Jeff Garzik ) [228290]\n- [net] udp: possible recursive locking (Hideo AOKI ) [458909]\n- [gfs2] multiple writer performance issue (Abhijith Das ) [459738]\n- [alsa] asoc: double free and mem leak in i2c codec (Jaroslav Kysela ) [460103]\n- [net] ibmveth: cluster membership problems (Brad Peters ) [460379]\n- [net] ipv6: drop outside of box loopback address packets (Neil Horman ) [459556]\n- [net] dccp_setsockopt_change integer overflow (Vitaly Mayatskikh ) [459235] {CVE-2008-3276}\n- [x86] execute stack overflow warning on interrupt stack (Michal Schmidt ) [459810]\n- [ppc] export LPAR CPU utilization stats for use by hv (Brad Peters ) [439516]\n- [acpi] error attaching device data (peterm@redhat.com ) [459670]\n- [md] fix crashes in iterate_rdev (Doug Ledford ) [455471]\n- [utrace] signal interception breaks systemtap uprobes (Roland McGrath ) [459786]\n- [misc] markers and tracepoints: config patch (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: kabi fix-up patch (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: probes (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: sched patch (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: irq patch (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: create Module.markers (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: markers docs (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: markers samples (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: markers (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: tracepoint samples (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: tracepoints (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: samples patch (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: rcu-read patch (jbaron@redhat.com ) [329821]\n- [x86] nmi: fix disable and enable _timer_nmi_watchdog (Aristeu Rozanski ) [447618]\n- [x86] nmi: disable LAPIC/IO APIC on unknown_nmi_panic (Aristeu Rozanski ) [447618]\n- [x86] nmi: use lapic_adjust_nmi_hz (Aristeu Rozanski ) [447618]\n- [x86] nmi: update check_nmi_watchdog (Aristeu Rozanski ) [447618]\n- [x86] nmi: update reserve_lapic_nmi (Aristeu Rozanski ) [447618]\n- [x86] nmi: use setup/stop routines in suspend/resume (Aristeu Rozanski ) [447618]\n- [x86] nmi: change nmi_active usage (Aristeu Rozanski ) [447618]\n- [x86] nmi: update nmi_watchdog_tick (Aristeu Rozanski ) [447618]\n- [x86] nmi: introduce do_nmi_callback (Aristeu Rozanski ) [447618]\n- [x86] nmi: introduce per-cpu wd_enabled (Aristeu Rozanski ) [447618]\n- [x86] nmi: add perfctr infrastructure (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: add missing prototypes in xen headers (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: kill disable_irq calls (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: disable LAPIC/IO APIC on unknown_nmi_panic (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: use perfctr functions for probing (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: update check_nmi_watchdog (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: update reserve_lapic_nmi (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: use new setup/stop routines in suspend/resume (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: change nmi_active usage (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: update nmi_watchdog_tick (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: setup apic to handle both IO APIC and LAPIC (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: introduce do_nmi_callback (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: introduce per-cpu wd_enabled (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: add perfctr infrastructure (Aristeu Rozanski ) [447618]\n- [mm] drain_node_page: drain pages in batch units (George Beshers ) [442179]\n- [mm] optimize ZERO_PAGE in 'get_user_pages' and fix XIP (Anton Arapov ) [452668] {CVE-2008-2372}\n- [x86_64] UEFI code support (Brian Maly ) [253295]\n[2.6.18-107.el5]\n- [scsi] mptscsi: check for null device in error handler (Doug Ledford ) [441832]\n- [openib] ehca: local CA ACK delay has an invalid value (Brad Peters ) [458378]\n- [gfs2] fix metafs (Abhijith Das ) [457798]\n- [sound] HDMI Audio: new PCI device ID (Bhavna Sarathy ) [459221]\n- [s390] cio: memory leak when ccw devices are discarded (Hans-Joachim Picht ) [459495]\n- [openib] ehca: handle two completions for one work req (Brad Peters ) [459142]\n- [scsi] cciss: possible race condition during init (Ivan Vecera ) [455663]\n- [wireless] rtl818x: add driver from 2.6.26 (John W. Linville ) [448764]\n- [wireless] rt2x00: add driver from 2.6.26 (John W. Linville ) [448763]\n- [wireless] ath5k: add driver from 2.6.26 (John W. Linville ) [445578]\n- [wireless] iwlwifi update to version from 2.6.26 (John W. Linville ) [438395]\n- [wireless] mac80211 update to version from 2.6.26 (John W. Linville ) [438391 438464 446076]\n- [wireless] infrastructure changes for mac80211 update (John W. Linville ) [438391]\n- [xen] xennet: coordinate ARP with backend network status (Herbert Xu ) [458934]\n- [x86] oprofile: enable additional perf counters (Markus Armbruster ) [426096]\n- [wireless] update zd1211rw to last non-mac80211 version (John W. Linville ) [448762]\n- [wireless] update bcm43xx driver to 2.6.25 (John W. Linville ) [448762]\n- [wireless] update ipw2x00 driver to 2.6.25 (John W. Linville ) [448762]\n- [wireless] update ieee80211 to 2.6.25 (John W. Linville ) [448762]\n- [xen] hv: support up to 128 cpus (Bill Burns ) [447958]\n- [gfs2] rm on multiple nodes causes panic (Bob Peterson ) [458289]\n- [gfs2] d_rwdirectempty fails with short read (Benjamin Marzinski ) [456453]\n- [sound] snd_seq_oss_synth_make_info info leak (Eugene Teo ) [458001] {CVE-2008-3272}\n- Revert: [mm] add support for fast get user pages (Ed Pollard ) [447649]\n- [xen] fix GDT allocation for 128 CPUs (Bill Burns ) [447958]\n- [xen] fix building with max_phys_cpus=128 (Bill Burns ) [447958]\n- [xen] limit dom0 to 32GB by default (Rik van Riel ) [453467]\n- [xen] automatically make heap larger on large mem system (Rik van Riel ) [453467]\n[2.6.18-106.el5]\n- [x86_64] resume from s3 in text mode with >4GB of mem (Matthew Garrett ) [452961]\n- [x86] kdump: calgary iommu: use boot kernels TCE tables (Tom Coughlan ) [239272]\n- [net] neigh_destroy: call destructor before unloading (Brad Peters ) [449161]\n- [usb] removing bus with an open file causes an oops (Pete Zaitcev ) [450786]\n- [nfs] missing nfs_fattr_init in nfsv3 acl functions (Jeff Layton ) [453711]\n- [xen] x86: fix endless loop when GPF (Chris Lalancette ) [457093]\n- [dlm] user.c input validation fixes (David Teigland ) [458760]\n- [serial] support for Digi PCI-E 4-8port Async IO adapter (Brad Peters ) [439443]\n- [cpufreq] acpi: boot crash due to _PSD return-by-ref (John Villalovos ) [428909]\n- [x86] io_apic: check timer with irq off (Brian Maly ) [432407]\n- [nfs] v4: dont reuse expired nfs4_state_owner structs (Jeff Layton ) [441884]\n- [nfs] v4: credential ref leak in nfs4_get_state_owner (Jeff Layton ) [441884]\n- [xen] PVFB probe & suspend fixes fix (Markus Armbruster ) [459107]\n- [x86] acpi: prevent resources from corrupting memory (Prarit Bhargava ) [458988]\n- [mm] add support for fast get user pages (Ed Pollard ) [447649]\n- [ipmi] control BMC device ordering (peterm@redhat.com ) [430157]\n- [net] pppoe: fix skb_unshare_check call position (Jiri Pirko ) [459062]\n- [net] ipv6: use timer pending to fix bridge ref count (Jiri Pirko ) [457006]\n- [nfs] v4: Poll aggressively when handling NFS4ERR_DELAY (Jeff Layton ) [441884]\n- [net] ixgbe: fix EEH recovery time (Brad Peters ) [457466]\n- [net] pppoe: unshare skb before anything else (Jiri Pirko ) [457018]\n- [ppc64] EEH: facilitate vendor driver recovery (Brad Peters ) [457253]\n- [ia64] fix to check module_free parameter (Masami Hiramatsu ) [457961]\n- [video] make V4L2 less verbose (Mauro Carvalho Chehab ) [455230]\n- [autofs4] remove unused ioctls (Ian Kent ) [452139]\n- [autofs4] reorganize expire pending wait function calls (Ian Kent ) [452139]\n- [autofs4] fix direct mount pending expire race (Ian Kent ) [452139]\n- [autofs4] fix indirect mount pending expire race (Ian Kent ) [452139]\n- [autofs4] fix pending checks (Ian Kent ) [452139]\n- [autofs4] cleanup redundant readdir code (Ian Kent ) [452139]\n- [autofs4] keep most direct and indirect dentrys positive (Ian Kent ) [452139]\n- [autofs4] fix waitq memory leak (Ian Kent ) [452139]\n- [autofs4] check communication pipe is valid for write (Ian Kent ) [452139]\n- [autofs4] fix waitq locking (Ian Kent ) [452139]\n- [autofs4] fix pending mount race (Ian Kent ) [452139]\n- [autofs4] use struct qstr in waitq.c (Ian Kent ) [452139]\n- [autofs4] use lookup intent flags to trigger mounts (Ian Kent ) [448869]\n- [autofs4] hold directory mutex if called in oz_mode (Ian Kent ) [458749]\n- [autofs4] use rehash list for lookups (Ian Kent ) [458749]\n- [autofs4] dont make expiring dentry negative (Ian Kent ) [458749]\n- [autofs4] fix mntput, dput order bug (Ian Kent ) [452139]\n- [autofs4] bad return from root.c:try_to_fill_dentry (Ian Kent ) [452139]\n- [autofs4] sparse warn in waitq.c:autofs4_expire_indirect (Ian Kent ) [452139]\n- [autofs4] check for invalid dentry in getpath (Ian Kent ) [452139]\n- [misc] create a kernel checksum file per FIPS140-2 (Don Zickus ) [444632]\n- [net] h323: Fix panic in conntrack module (Thomas Graf ) [433661]\n- [misc] NULL pointer dereference in kobject_get_path (Jiri Pirko ) [455460]\n- [audit] new filter type, AUDIT_FILETYPE (Alexander Viro ) [446707]\n- [ppc64] missed hw breakpoints across multiple threads (Brad Peters ) [444076]\n- [net] race between neigh_timer_handler and neigh_update (Brad Peters ) [440555]\n- [security] NULL ptr dereference in __vm_enough_memory (Jerome Marchand ) [443659]\n- [ppc64] cell: spufs update for RHEL-5.3 (Brad Peters ) [439483]\n- [misc] null pointer dereference in register_kretprobe (Jerome Marchand ) [452308]\n- [alsa] HDA: update to 2008-07-22 (Jaroslav Kysela ) [456215]\n- [ia64] xen: handle ipi case IA64_TIMER_VECTOR (Luming Yu ) [451745]\n- [misc] batch kprobe register/unregister (Jiri Pirko ) [437579]\n- [ia64] add gate.lds to Documentation/dontdiff (Prarit Bhargava ) [449948]\n- [xen] fix netloop restriction (Bill Burns ) [358281]\n- [nfs] revert to sync writes when background write errors (Jeff Layton ) [438423]\n- [ia64] kdump: implement greater than 4G mem restriction (Doug Chapman ) [446188]\n- [nfs] clean up short packet handling for NFSv4 readdir (Jeff Layton ) [428720]\n- [nfs] clean up short packet handling for NFSv2 readdir (Jeff Layton ) [428720]\n- [nfs] clean up short packet handling for NFSv3 readdir (Jeff Layton ) [428720]\n[2.6.18-105.el5]\n- [misc] pnp: increase number of devices (Prarit Bhargava ) [445590]\n- [ppc] PERR/SERR disabled after EEH error recovery (Brad Peters ) [457468]\n- [ppc] eHEA: update from version 0076-05 to 0091-00 (Brad Peters ) [442409]\n- [net] modifies inet_lro for RHEL (Brad Peters ) [442409]\n- [net] adds inet_lro module (Brad Peters ) [442409]\n- [ppc] adds crashdump shutdown hooks (Brad Peters ) [442409]\n- [ppc] xmon: setjmp/longjmp code generically available (Brad Peters ) [442409]\n- [xen] PV: config file changes (Don Dutile ) [442991]\n- [xen] PV: Makefile and Kconfig additions (Don Dutile ) [442991]\n- [xen] PV: add subsystem (Don Dutile ) [442991]\n- [xen] PV: shared used header file changes (Don Dutile ) [442991]\n- [xen] PV: shared use of xenbus, netfront, blkfront (Don Dutile ) [442991]\n- [fs] backport zero_user_segments and friends (Eric Sandeen ) [449668]\n- [fs] backport list_first_entry helper (Eric Sandeen ) [449668]\n- [ia64] fix boot failure on ia64/sn2 (Luming Yu ) [451745]\n- [ia64] move SAL_CACHE_FLUSH check later in boot (Luming Yu ) [451745]\n- [ia64] use platform_send_ipi in check_sal_cache_flush (Luming Yu ) [451745]\n- [xen] avoid dom0 hang when tearing down domains (Chris Lalancette ) [347161]\n- [xen] ia64: SMP-unsafe with XENMEM_add_to_physmap on HVM (Tetsu Yamamoto ) [457137]\n[2.6.18-104.el5]\n- [crypto] IPsec memory leak (Vitaly Mayatskikh ) [455238]\n- [ppc] edac: add support for Cell processor (Brad Peters ) [439507]\n- [ppc] edac: add pre-req support for Cell processor (Brad Peters ) [439507]\n- [scsi] DLPAR remove operation fails on LSI SCSI adapter (Brad Peters ) [457852]\n- [net] bridge: eliminate delay on carrier up (Herbert Xu ) [453526]\n- [mm] tmpfs: restore missing clear_highpage (Eugene Teo ) [426083]{CVE-2007-6417}\n- [scsi] aic94xx: update to 2.6.25 (Ed Pollard ) [439573]\n- [fs] dio: lock refcount operations (Jeff Moyer ) [455750]\n- [fs] vfs: fix lookup on deleted directory (Eugene Teo ) [457866]{CVE-2008-3275}\n- [fs] jbd: fix races that lead to EIO for O_DIRECT (Brad Peters ) [446599]\n- [fs] add percpu_counter_add & _sub (Eric Sandeen ) [443896]\n- [xen] event channel lock and barrier (Markus Armbruster ) [457086]\n- [ppc] adds DSCR support in sysfs (Brad Peters ) [439567]\n- [ppc] oprofile: wrong cpu_type returned (Brad Peters ) [441539]\n- [s390] utrace: PTRACE_POKEUSR_AREA corrupts ACR0 (Anton Arapov ) [431183]\n- [pci] fix problems with msi interrupt management (Michal Schmidt ) [428696]\n- [misc] fix wrong test in wait_task_stopped (Jerome Marchand ) [382211]\n- [fs] ecryptfs: use page_alloc to get a page of memory (Eric Sandeen ) [457058]\n- [misc] serial: fix break handling for i82571 over LAN (Aristeu Rozanski ) [440018]\n- [xen] blktap: expand for longer busids (Chris Lalancette ) [442723]\n- [xen] fix blkfront to accept > 16 devices (Chris Lalancette ) [442723]\n- [xen] expand SCSI majors in blkfront (Chris Lalancette ) [442077]\n- [misc] core dump: remain dumpable (Jerome Marchand ) [437958]\n- [fs] inotify: previous event should be last in list (Jeff Burke ) [453990]\n- [block] Enhanced Partition Statistics: documentation (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: retain old stats (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: procfs (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: sysfs (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: cpqarray fix (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: cciss fix (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: aoe fix (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: update statistics (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: core statistics (Jerome Marchand ) [224322]\n- [fs] add clear_nlink, drop_nlink (Eric Sandeen ) [443896]\n- [fs] add buffer_submit_read and bh_uptodate_or_lock (Eric Sandeen ) [443896]\n- [fs] noinline_for_stack attribute (Eric Sandeen ) [443896]\n- [fs] i_version updates (Eric Sandeen ) [443896]\n- [fs] add an ERR_CAST function (Eric Sandeen ) [443896]\n- [fs] introduce is_owner_or_cap (Eric Sandeen ) [443896]\n- [fs] add generic_find_next_le_bit (Eric Sandeen ) [443896]\n- [fs] add le32_add_cpu and friends (Eric Sandeen ) [443896]\n- [net] sctp: export needed data to implement RFC 3873 (Neil Horman ) [277111]\n- [xen] x86: xenoprof enable additional perf counters (Markus Armbruster ) [426096]\n[2.6.18-103.el5]\n- [fs] dio: use kzalloc to zero out struct dio (Jeff Moyer ) [439918]\n- [x86] hugetlb: inconsistent get_user_pages (x86 piece) (Brad Peters ) [456449]\n- [fs] fix softlockups when repeatedly dropping caches (Bryn M. Reeves ) [444961]\n- [char] add hp-ilo driver (Tony Camuso ) [437212]\n- [net] do liberal tracking for picked up connections (Anton Arapov ) [448328]\n- [scsi] BusLogic: typedef bool to boolean for compiler (Chip Coldwell ) [445095]\n- [misc] ioc4: fixes - pci_put_dev, printks, mem resource (Jonathan Lim ) [442424]\n[2.6.18-102.el5]\n- [net] slow_start_after_idle influences cwnd validation (Thomas Graf ) [448918]\n- [dlm] fix a couple of races (David Teigland ) [457569]\n- [net] NetXen driver update to 3.4.18 (Ed Pollard ) [443619]\n- [mm] NUMA: system is slow when over-committing memory (Larry Woodman ) [457264]\n- [net] ixgbe: remove device ID for unsupported device (Andy Gospodarek ) [454910]\n- [ppc] Event Queue overflow on eHCA adapters (Brad Peters ) [446713]\n- [ppc] IOMMU Performance Enhancements (Brad Peters ) [439469]\n- [ppc] RAS update for Cell (Brad Peters ) [313731]\n- [ppc] fast little endian implementation for System p AVE (Brad Peters ) [439505]\n- [net] proc: add unresolved discards stat to ndisc_cache (Neil Horman ) [456732]\n- [x86_64] ia32: increase stack size (Larry Woodman ) [442331]\n- [mm] fix PAE pmd_bad bootup warning (Larry Woodman ) [455434]\n- [video] add uvcvideo module (Jay Fenlason ) [439899]\n- [crypto] add tests for cipher types to self test module (Neil Horman ) [446514]\n- [mm] fix debug printks in page_remove_rmap() (Larry Woodman ) [457458]\n- [mm] fix /proc/sys/vm/lowmem_reserve_ratio (Larry Woodman ) [457471]\n- [xen] add VPS sync read/write according to spec (Bill Burns ) [437096]\n- [xen] use VPS service to take place of PAL call (Bill Burns ) [437096]\n- [xen] enable serial console for new ia64 chip (Bill Burns ) [437096]\n[2.6.18-101.el5]\n- [ipmi] restrict keyboard I/O port reservation (peterm@redhat.com ) [456300]\n- [mm] xpmem: inhibit page swapping under heavy mem use (George Beshers ) [456574]\n- [fs] vfs: wrong error code on interrupted close syscalls (Jeff Layton ) [455729]\n- [misc] dont randomize when no randomize personality set (Bryn M. Reeves ) [444611]\n- [ia64] holdoffs in sn_ack_irq when running latency tests (Jonathan Lim ) [447838]\n- [xen] x86: new vcpu_op call to get physical CPU identity (Bhavana Nagendra ) [434548]\n- [xen] HV: memory corruption with large number of cpus (Chris Lalancette ) [449945]\n- [xen] save phys addr for crash utility (Bill Burns ) [443618]\n- [xen] kexec: allocate correct memory reservation (Bill Burns ) [442661]\n[2.6.18-100.el5]\n- [gfs2] glock dumping missing out some glocks (Steven Whitehouse ) [456334]\n- [scsi] ibmvscsi: add tape device support (Brad Peters ) [439488]\n- [misc] irq: reset stats when installing new handler (Eugene Teo ) [456218]\n- [scsi] ibmvscsi: latest 5.3 fixes and enhancements (Brad Peters ) [439487]\n- [selinux] prevent illegal selinux options when mounting (Eugene Teo ) [456052]\n- [xen] remove blktap sysfs entries before shutdown (Chris Lalancette ) [250104]\n- [xen] dont collide symbols with blktap (Chris Lalancette ) [250104]\n- [xen] blktap: modify sysfs entries to match blkback (Chris Lalancette ) [250104]\n- [xen] dont try to recreate sysfs entries (Chris Lalancette ) [250104]\n- [xen] blktap: stats error cleanup (Chris Lalancette ) [250104]\n- [xen] blktap: add statistics (Chris Lalancette ) [250104]\n- [xen] rename blktap kernel threads to blktap.dom.blkname (Chris Lalancette ) [250104]\n- [ia64] xen: incompatibility with HV and userspace tools (Tetsu Yamamoto ) [444589]\n- [usb] add ids for WWAN cards (John Feeney ) [253137]\n- [ia64] handle invalid ACPI SLIT table (Luming Yu ) [451591]\n- [pci] mmconfig: use conf1 for access below 256 bytes (Tony Camuso ) [441615 251493]\n- [pci] mmconfig: rm pci_legacy_ops and nommconf blacklist (Tony Camuso ) [441615 251493]\n- [pci] mmconfig: remove pci_bios_fix_bus_scan_quirk (Tony Camuso ) [441615 251493]\n- [fs] nlm: tear down RPC clients in nlm_shutdown_hosts (Jeff Layton ) [254195]\n- [fs] nlm: dont reattempt GRANT_MSG with an inflight RPC (Jeff Layton ) [254195]\n- [fs] nlm: canceled inflight GRANT_MSG shouldnt requeue (Jeff Layton ) [254195]\n- [fs] potential race in mark_buffer_dirty (Mikulas Patocka ) [442577]\n[2.6.18-99.el5]\n- [fs] lockd: nlmsvc_lookup_host called with f_sema held (Jeff Layton ) [453094]\n- [x86] dont call MP_processor_info for disabled cpu (Prarit Bhargava ) [455425]\n- [x86_64] dont call MP_processor_info for disabled cpu (Prarit Bhargava ) [455427]\n- [x86] show apicid in /proc/cpuinfo (Prarit Bhargava ) [455424]\n- [acpi] disable lapic timer on C2 states (John Villalovos ) [438409]\n- [acpi] enable deep C states for idle efficiency (Matthew Garrett ) [443516]\n- [fs] missing check before setting mount propagation (Eugene Teo ) [454393]\n- [xen] pvfb: frontend mouse wheel support (Markus Armbruster ) [446235]\n- [ppc] use ibm,slb-size from device tree (Brad Peters ) [432127]\n- [mm] dio: fix cache invalidation after sync writes (Jeff Moyer ) [445674]\n- [misc] fix UP compile in skcipher.h (Prarit Bhargava ) [453038]\n- [ia64] softlock: prevent endless warnings in kdump (Neil Horman ) [453200]\n- [net] s2io: fix documentation about intr_type (Michal Schmidt ) [450921]\n- [net] make udp_encap_rcv use pskb_may_pull (Neil Horman ) [350281]\n- [misc] fix compile when selinux is disabled (Prarit Bhargava ) [452535]\n- [scsi] update aacraid to 1.1.5-2455 (Chip Coldwell ) [429862]\n- [x86_64] ptrace: sign-extend orig_rax to 64 bits (Jerome Marchand ) [437882]\n- [x86_64] ia32 syscall restart fix (Jerome Marchand ) [434998]\n- [misc] optimize byte-swapping, fix -pedantic compile (Jarod Wilson ) [235699]\n- [dm] snapshot: reduce default memory allocation (Milan Broz ) [436494]\n- [dm] snapshot: fix chunksize sector conversion (Milan Broz ) [443627]\n- [net] ip tunnel cant be bound to another device (Michal Schmidt ) [451196]\n- [net] bnx2x: chip reset and port type fixes (Andy Gospodarek ) [441259]\n- [audit] records sender of SIGUSR2 for userspace (Eric Paris ) [428277]\n- [audit] deadlock under load and auditd takes a signal (Eric Paris ) [429941]\n- [audit] send EOE audit record at end of syslog events (Eric Paris ) [428275]\n- [x86] brk: fix RLIMIT_DATA check (Vitaly Mayatskikh ) [315681]\n- [misc] fix ?!/!? inversions in spec file (Jarod Wilson ) [451008]\n- [scsi] fix high I/O wait using 3w-9xxx (Tomas Henzl ) [444759]\n- [net] ipv6: fix unbalanced ref count in ndisc_recv_ns (Neil Horman ) [450855]\n- [fs] cifs: wait on kthread_stop before thread exits (Jeff Layton ) [444865]\n- [net] fix the redirected packet if jiffies wraps (Ivan Vecera ) [445536]\n- [nfs] pages of a memory mapped file get corrupted (Peter Staubach ) [435291]\n- [net] sunrpc: memory corruption from dead rpc client (Jeff Layton ) [432867]\n- [fs] debugfs: fix dentry reference count bug (Josef Bacik ) [445787]\n- [acpi] remove processor module errors (John Feeney ) [228836]\n- [fs] ext3: make fdatasync not sync metadata (Josef Bacik ) [445649]\n- [pci] acpiphp_ibm: let ACPI determine _CID buffer size (Prarit Bhargava ) [428874]\n- [fs] need process map reporting for swapped pages (Anton Arapov ) [443749]\n- [misc] optional panic on softlockup warnings (Prarit Bhargava ) [445422]\n- [net] sctp: support remote address table oid (Neil Horman ) [435110]\n- [nfs] knfsd: revoke setuid/setgid when uid/gid changes (Jeff Layton ) [443043]\n- [nfs] remove error field from nfs_readdir_descriptor_t (Jeff Layton ) [437479]\n[2.6.18-98.el5]\n- [nfs] sunrpc: sleeping rpc_malloc might deadlock (Jeff Layton ) [451317]\n- [gfs2] initial write performance very slow (Benjamin Marzinski ) [432826]\n- [ia64] avoid unnecessary TLB flushes when allocating mem (Doug Chapman ) [435362]\n- [gfs2] lock_dlm: deliver callbacks in the right order (Bob Peterson ) [447748]\n- [sound] alsa: HDA driver update from upstream 2008-06-11 (Jaroslav Kysela ) [451007]\n- [x86_64] xen: fix syscall return when tracing (Chris Lalancette ) [453394]\n- [fs] ext3: lighten up resize transaction requirements (Eric Sandeen ) [425955]\n- [xen] PVFB probe & suspend fixes (Markus Armbruster ) [434800]\n- [nfs] ensure that options turn off attribute caching (Peter Staubach ) [450184]\n- [x86_64] memmap flag results in bogus RAM map output (Prarit Bhargava ) [450244]\n- [nfs] sunrpc: fix a race in rpciod_down (Jeff Layton ) [448754]\n- [nfs] sunrpc: fix hang due to eventd deadlock (Jeff Layton ) [448754]\n- [gfs2] d_doio stuck in readv waiting for pagelock (Bob Peterson ) [432057]\n- [fs] ext3: fix lock inversion in direct io (Josef Bacik ) [439194]\n- [fs] jbd: fix journal overflow issues (Josef Bacik ) [439193]\n- [fs] jbd: fix typo in recovery code (Josef Bacik ) [447742]\n- [openib] small ipoib packet can cause an oops (Doug Ledford ) [445731]\n- [sched] domain range turnable params for wakeup_idle (Kei Tokunaga ) [426971]\n- [edac] k8_edac: fix typo in user visible message (Aristeu Rozanski ) [446068]\n- [net] ipv6: dont handle default routes specially (Neil Horman ) [426895 243526]\n- [fs] ext3: unmount hang when quota-enabled goes error-RO (Eric Sandeen ) [429054]\n- [net] ipv6: no addrconf for bonding slaves (Andy Gospodarek ) [236750]\n- [misc] fix race in switch_uid and user signal accounting (Vince Worthington ) [441762 440830]\n- [misc] /proc/pid/limits : fix duplicate array entries (Neil Horman ) [443522]\n- [nfs] v4: fix ref count and signal for callback thread (Jeff Layton ) [423521]\n- [mm] do not limit locked memory when using RLIM_INFINITY (Larry Woodman ) [442426]\n- [xen] ia64: add srlz instruction to asm (Aron Griffis ) [440261]\n- [nfs] fix transposed deltas in nfs v3 (Jeff Layton ) [437544]\n- [x86_64] gettimeofday fixes for HPET, PMTimer, TSC (Prarit Bhargava ) [250708]\n- [ia64] remove assembler warnings on head.S (Luming Yu ) [438230]\n- [misc] allow hugepage allocation to use most of memory (Larry Woodman ) [438889]\n- [edac] k8_edac: add option to report GART errors (Aristeu Rozanski ) [390601]\n- [ia64] add TIF_RESTORE_SIGMASK and pselect/ppoll syscall (Luming Yu ) [206806]\n[2.6.18-97.el5]\n- [misc] signaling msgrvc() should not pass back error (Jiri Pirko ) [452533]\n- [ia64] properly unregister legacy interrupts (Prarit Bhargava ) [445886]\n- [s390] zfcp: status read locking race (Hans-Joachim Picht ) [451278]\n- [s390] fix race with stack local wait_queue_head_t. (Hans-Joachim Picht ) [451279]\n- [s390] cio: fix system hang with reserved DASD (Hans-Joachim Picht ) [451222]\n- [s390] cio: fix unusable zfcp device after vary off/on (Hans-Joachim Picht ) [451223]\n- [s390] cio: I/O error after cable pulls (Hans-Joachim Picht ) [451281]\n- [s390] tape: race condition in tape block device driver (Hans-Joachim Picht ) [451277]\n- [gfs2] cannot use fifo nodes (Steven Whitehouse ) [450276]\n- [gfs2] bad subtraction in while-loop can cause panic (Bob Peterson ) [452004]\n- [tux] crashes kernel under high load (Anton Arapov ) [448973]\n- [dlm] move plock code from gfs2 (David Teigland ) [450138]\n- [dlm] fix basts for granted CW waiting PR/CW (David Teigland ) [450137]\n- [dlm] check for null in device_write (David Teigland ) [450136]\n- [dlm] save master info after failed no-queue request (David Teigland ) [450135]\n- [dlm] keep cached master rsbs during recovery (David Teigland ) [450133]\n- [dlm] change error message to debug (David Teigland ) [450132]\n- [dlm] fix possible use-after-free (David Teigland ) [450132]\n- [dlm] limit dir lookup loop (David Teigland ) [450132]\n- [dlm] reject normal unlock when lock waits on lookup (David Teigland ) [450132]\n- [dlm] validate messages before processing (David Teigland ) [450132]\n- [dlm] reject messages from non-members (David Teigland ) [450132]\n- [dlm] call to confirm_master in receive_request_reply (David Teigland ) [450132]\n- [dlm] recover locks waiting for overlap replies (David Teigland ) [450132]\n- [dlm] clear ast_type when removing from astqueue (David Teigland ) [450132]\n- [dlm] use fixed errno values in messages (David Teigland ) [450130]\n- [dlm] swap bytes for rcom lock reply (David Teigland ) [450130]\n- [dlm] align midcomms message buffer (David Teigland ) [450130]\n- [dlm] use dlm prefix on alloc and free functions (David Teigland ) [450130]\n- [s390] zfcp: memory handling for GID_PN (Hans-Joachim Picht ) [447727]\n- [s390] zfcp: out-of-memory handling for status_read req (Hans-Joachim Picht ) [447726]\n- [s390] zfcp: deadlock in slave_destroy handler (Hans-Joachim Picht ) [447329]\n- [s390] dasd: fix timeout handling in interrupt handler (Hans-Joachim Picht ) [447316]\n- [s390] zfcp: fix check for handles in abort handler (Hans-Joachim Picht ) [447331]\n- [s390] aes_s390 decrypt may produce wrong results in CBC (Hans-Joachim Picht ) [446191]\n- [s390x] CPU Node Affinity (Hans-Joachim Picht ) [447379]\n- [gfs2] inode indirect buffer corruption (Bob Peterson ) [345401]\n- [s390] cio: avoid machine check vs. not operational race (Hans-Joachim Picht ) [444082]\n- [s390] qeth: avoid inconsistent lock state for inet6_dev (Hans-Joachim Picht ) [444077]\n- [s390] qdio: missed inb. traffic with online FCP devices (Hans-Joachim Picht ) [444146]\n- [s390] qeth: eddp skb buff problem running EDDP guestlan (Hans-Joachim Picht ) [444014]\n- [s390] cio: kernel panic in cm_enable processing (Hans-Joachim Picht ) [442032]\n- [fs] fix bad unlock_page in pip_to_file() error path (Larry Woodman ) [439917]\n- [s390] zfcp: Enhanced Trace Facility (Hans-Joachim Picht ) [439482]\n- [s390] dasd: add support for system information messages (Hans-Joachim Picht ) [439441]\n- [s390] zcrypt: add support for large random numbers (Hans-Joachim Picht ) [439440]\n- [s390] qeth: recovery problems with failing STARTLAN (Hans-Joachim Picht ) [440420]\n- [s390] qdio: change in timeout handling during establish (Hans-Joachim Picht ) [440421]\n- [s390] lcs: ccl-seq. numbers required for prot. 802.2 (Hans-Joachim Picht ) [440416]\n- [s390] dasd: diff z/VM minidisks need a unique UID (Hans-Joachim Picht ) [440402]\n- [s390] qeth: ccl-seq. numbers req for protocol 802.2 (Hans-Joachim Picht ) [440227]\n- [s390] sclp: prevent console lockup during SE warmstart (Hans-Joachim Picht ) [436967]\n- [s390] zcrypt: disable ap polling thread per default (Hans-Joachim Picht ) [435161]\n- [s390] zfcp: hold lock on port/unit handle for task cmd (Hans-Joachim Picht ) [434959]\n- [s390] zfcp: hold lock on port handle for ELS command (Hans-Joachim Picht ) [434955]\n- [s390] zfcp: hold lock on port/unit handle for FCP cmd (Hans-Joachim Picht ) [433537]\n- [s390] zfcp: hold lock when checking port/unit handle (Hans-Joachim Picht ) [434953]\n- [s390] zfcp: handling of boxed port after physical close (Hans-Joachim Picht ) [434801]\n- [s390] dasd: fix ifcc handling (Hans-Joachim Picht ) [431592]\n- [s390] cio: introduce timed recovery procedure (Hans-Joachim Picht ) [430593]\n- [s390] cio: sense id works with partial hw response (Hans-Joachim Picht ) [430787]\n- [s390] zfcp: fix use after free bug (Hans-Joachim Picht ) [412881]\n- [s390] cio: add missing reprobe loop end statement (Hans-Joachim Picht ) [412891]\n- [s390] zfcp: imbalance in erp_ready_sem usage (Hans-Joachim Picht ) [412831]\n- [s390] zfcp: zfcp_erp_action_dismiss will ignore actions (Hans-Joachim Picht ) [409091]\n- [s390] zfcp: Units are reported as BOXED (Hans-Joachim Picht ) [412851]\n- [s390] zfcp: Reduce flood on hba trace (Hans-Joachim Picht ) [415951]\n- [s390] zfcp: Deadlock when adding invalid LUN (Hans-Joachim Picht ) [412841]\n- [s390] pav alias disks not detected on lpar (Hans-Joachim Picht ) [416081]\n[2.6.18-96.el5]\n- [net] randomize udp port allocation (Eugene Teo ) [454572]\n- [tty] add NULL pointer checks (Aristeu Rozanski ) [453154]\n- [misc] ttyS1 lost interrupt, stops transmitting v2 (Brian Maly ) [451157]\n- [net] sctp: make sure sctp_addr does not overflow (David S. Miller ) [452483]\n- [sys] sys_setrlimit: prevent setting RLIMIT_CPU to 0 (Neil Horman ) [437122]\n- [net] sit: exploitable remote memory leak (Jiri Pirko ) [446039]\n- [x86_64] zero the output of string inst on exception (Jiri Pirko ) [451276] {CVE-2008-2729}\n- [net] dccp: sanity check feature length (Anton Arapov ) [447396] {CVE-2008-2358}\n- [misc] buffer overflow in ASN.1 parsing routines (Anton Arapov ) [444465] {CVE-2008-1673}\n- [x86_64] write system call vulnerability (Anton Arapov ) [433945] {CVE-2008-0598}\n[2.6.18-95.el5]\n- [net] Fixing bonding rtnl_lock screwups (Fabio Olive Leite ) [450219]\n- [x86_64]: extend MCE banks support for Dunnington, Nehalem (Prarit Bhargava ) [446673]\n- [nfs] address nfs rewrite performance regression in RHEL5 (Eric Sandeen ) [436004]\n- [mm] Make mmap() with PROT_WRITE on RHEL5 (Larry Woodman ) [448978]\n- [i386]: Add check for supported_cpus in powernow_k8 driver (Prarit Bhargava ) [443853]\n- [i386]: Add check for dmi_data in powernow_k8 driver (Prarit Bhargava ) [443853]\n- [sata] update sata_svw (John Feeney ) [441799]\n- [net] fix recv return zero (Thomas Graf ) [435657]\n- [misc] kernel crashes on futex (Anton Arapov ) [435178]\n[2.6.18-94.el5]\n- [misc] ttyS1 loses interrupt and stops transmitting (Simon McGrath ) [440121]\n[2.6.18-93.el5]\n- [x86] sanity checking for read_tsc on i386 (Brian Maly ) [443435]\n- [xen] netfront: send fake arp when link gets carrier (Herbert Xu ) [441716]\n- [net] fix xfrm reverse flow lookup for icmp6 (Neil Horman ) [446250]\n- [net] negotiate all algorithms when id bit mask zero (Neil Horman ) [442820]\n- [net] 32/64 bit compat MCAST_ sock options support (Neil Horman ) [444582]\n- [misc] add CPU hotplug support for relay functions (Kei Tokunaga ) [441523]", "cvss3": {}, "published": "2009-01-27T00:00:00", "type": "oraclelinux", "title": "Oracle Enterprise Linux 5.3 kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-4554", "CVE-2007-6417", "CVE-2008-3272", "CVE-2008-5029", "CVE-2008-0598", "CVE-2008-3496", "CVE-2008-3831", "CVE-2007-5907", "CVE-2008-2372", "CVE-2008-3527", "CVE-2008-5182", "CVE-2008-5079", "CVE-2006-5755", "CVE-2008-2729", "CVE-2008-4576", "CVE-2008-5300", "CVE-2008-3276", "CVE-2008-2358", "CVE-2008-4210", "CVE-2008-3275", "CVE-2008-1673"], "modified": "2009-01-27T00:00:00", "id": "ELSA-2009-0225", "href": "http://linux.oracle.com/errata/ELSA-2009-0225.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-09-08T08:06:40", "description": "**CentOS Errata and Security Advisory** CESA-2009:0014\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues:\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* when fput() was called to close a socket, the __scm_destroy() function in\nthe Linux kernel could make indirect recursive calls to itself. This could,\npotentially, lead to a local denial of service. (CVE-2008-5029, Important)\n\n* a deficiency was found in the Linux kernel virtual file system (VFS)\nimplementation. This could allow a local, unprivileged user to make a\nseries of file creations within deleted directories, possibly causing a\ndenial of service. (CVE-2008-3275, Moderate)\n\n* a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog\ntimer driver. This deficiency could lead to a possible information leak. By\ndefault, the \"/dev/watchdog\" device is accessible only to the root user.\n(CVE-2008-5702, Low)\n\n* the hfs and hfsplus file systems code failed to properly handle corrupted\ndata structures. This could, potentially, lead to a local denial of\nservice. (CVE-2008-4933, CVE-2008-5025, Low)\n\n* a flaw was found in the hfsplus file system implementation. This could,\npotentially, lead to a local denial of service when write operations were\nperformed. (CVE-2008-4934, Low)\n\nThis update also fixes the following bugs:\n\n* when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running\nIntel\u00ae CPUs, the cpuspeed daemon did not run, preventing the CPU speed from\nbeing changed, such as not being reduced to an idle state when not in use.\n\n* mmap() could be used to gain access to beyond the first megabyte of RAM,\ndue to insufficient checks in the Linux kernel code. Checks have been added\nto prevent this.\n\n* attempting to turn keyboard LEDs on and off rapidly on keyboards with\nslow keyboard controllers, may have caused key presses to fail.\n\n* after migrating a hypervisor guest, the MAC address table was not\nupdated, causing packet loss and preventing network connections to the\nguest. Now, a gratuitous ARP request is sent after migration. This\nrefreshes the ARP caches, minimizing network downtime.\n\n* writing crash dumps with diskdump may have caused a kernel panic on\nNon-Uniform Memory Access (NUMA) systems with certain memory\nconfigurations.\n\n* on big-endian systems, such as PowerPC, the getsockopt() function\nincorrectly returned 0 depending on the parameters passed to it when the\ntime to live (TTL) value equaled 255, possibly causing memory corruption\nand application crashes.\n\n* a problem in the kernel packages provided by the RHSA-2008:0508 advisory\ncaused the Linux kernel's built-in memory copy procedure to return the\nwrong error code after recovering from a page fault on AMD64 and Intel 64\nsystems. This may have caused other Linux kernel functions to return wrong\nerror codes.\n\n* a divide-by-zero bug in the Linux kernel process scheduler, which may\nhave caused kernel panics on certain systems, has been resolved.\n\n* the netconsole kernel module caused the Linux kernel to hang when slave\ninterfaces of bonded network interfaces were started, resulting in a system\nhang or kernel panic when restarting the network.\n\n* the \"/proc/xen/\" directory existed even if systems were not running Red\nHat Virtualization. This may have caused problems for third-party software\nthat checks virtualization-ability based on the existence of \"/proc/xen/\".\nNote: this update will remove the \"/proc/xen/\" directory on systems not\nrunning Red Hat Virtualization.\n\nAll Red Hat Enterprise Linux 4 users should upgrade to these updated\npackages, which contain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2009-January/077718.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-January/077719.html\n\n**Affected packages:**\nkernel\nkernel-devel\nkernel-doc\nkernel-hugemem\nkernel-hugemem-devel\nkernel-largesmp\nkernel-largesmp-devel\nkernel-smp\nkernel-smp-devel\nkernel-xenU\nkernel-xenU-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2009:0014", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2009-01-15T13:41:46", "type": "centos", "title": "kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3275", "CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5029", "CVE-2008-5300", "CVE-2008-5702"], "modified": "2009-01-15T13:41:46", "id": "CESA-2009:0014", "href": "https://lists.centos.org/pipermail/centos-announce/2009-January/077718.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-09-08T05:50:06", "description": "**CentOS Errata and Security Advisory** CESA-2009:1550\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* when fput() was called to close a socket, the __scm_destroy() function in\nthe Linux kernel could make indirect recursive calls to itself. This could,\npotentially, lead to a denial of service issue. (CVE-2008-5029, Important)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux\nkernel. Frames with sizes near the MTU of an interface may be split across\nmultiple hardware receive descriptors. Receipt of such a frame could leak\nthrough a validation check, leading to a corruption of the length check. A\nremote attacker could use this flaw to send a specially-crafted packet that\nwould cause a denial of service or code execution. (CVE-2009-1385,\nImportant)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a\nsetuid or setgid program was executed. A local, unprivileged user could use\nthis flaw to bypass the mmap_min_addr protection mechanism and perform a\nNULL pointer dereference attack, or bypass the Address Space Layout\nRandomization (ASLR) security feature. (CVE-2009-1895, Important)\n\n* it was discovered that, when executing a new process, the clear_child_tid\npointer in the Linux kernel is not cleared. If this pointer points to a\nwritable portion of the memory of the new program, the kernel could corrupt\nfour bytes of memory, possibly leading to a local denial of service or\nprivilege escalation. (CVE-2009-2848, Important)\n\n* missing initialization flaws were found in getname() implementations in\nthe IrDA sockets, AppleTalk DDP protocol, NET/ROM protocol, and ROSE\nprotocol implementations in the Linux kernel. Certain data structures in\nthese getname() implementations were not initialized properly before being\ncopied to user-space. These flaws could lead to an information leak.\n(CVE-2009-3002, Important)\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nBug fixes:\n\n* this update adds the mmap_min_addr tunable and restriction checks to help\nprevent unprivileged users from creating new memory mappings below the\nminimum address. This can help prevent the exploitation of NULL pointer\ndereference bugs. Note that mmap_min_addr is set to zero (disabled) by\ndefault for backwards compatibility. (BZ#512642)\n\n* a bridge reference count problem in IPv6 has been fixed. (BZ#457010)\n\n* enforce null-termination of user-supplied arguments to setsockopt().\n(BZ#505514)\n\n* the gcc flag \"-fno-delete-null-pointer-checks\" was added to the kernel\nbuild options. This prevents gcc from optimizing out NULL pointer checks\nafter the first use of a pointer. NULL pointer bugs are often exploited by\nattackers. Keeping these checks is a safety measure. (BZ#511185)\n\n* a check has been added to the IPv4 code to make sure that rt is not NULL,\nto help prevent future bugs in functions that call ip_append_data() from\nbeing exploitable. (BZ#520300)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2009-November/078462.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-November/078463.html\n\n**Affected packages:**\nkernel\nkernel-BOOT\nkernel-doc\nkernel-hugemem\nkernel-hugemem-unsupported\nkernel-smp\nkernel-smp-unsupported\nkernel-source\nkernel-unsupported\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2009:1550", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2009-11-04T00:55:32", "type": "centos", "title": "kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5029", "CVE-2008-5300", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1895", "CVE-2009-2848", "CVE-2009-3002", "CVE-2009-3547"], "modified": "2009-11-04T00:56:16", "id": "CESA-2009:1550", "href": "https://lists.centos.org/pipermail/centos-announce/2009-November/078462.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:09:51", "description": "This update fixes various security issues and several bugs in the openSUSE 11.0 kernel.\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2009-01-20T17:01:02", "type": "suse", "title": "local privilege escalation in kernel-debug", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2008-4554", "CVE-2008-5700", "CVE-2008-5029", "CVE-2008-3831", "CVE-2008-5182", "CVE-2008-5079", "CVE-2008-5025", "CVE-2008-5300", "CVE-2008-4933"], "modified": "2009-01-20T17:01:02", "id": "SUSE-SA:2009:003", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00005.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2023-05-02T17:15:37", "description": "- ----------------------------------------------------------------------\nDebian Security Advisory DSA-1687-1 security@debian.org\nhttp://www.debian.org/security/ dann frazier\nDec 15, 2008 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : denial of service/privilege escalation\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-3527 CVE-2008-3528 CVE-2008-4554 CVE-2008-4576\n CVE-2008-4933 CVE-2008-4934 CVE-2008-5025 CVE-2008-5029\n CVE-2008-5079 CVE_2008-5182 CVE-2008-5300\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2008-3527\n\n Tavis Ormandy reported a local DoS and potential privilege\n escalation in the Virtual Dynamic Shared Objects (vDSO)\n implementation.\n\nCVE-2008-3528\n\n Eugene Teo reported a local DoS issue in the ext2 and ext3\n filesystems. Local users who have been granted the privileges\n necessary to mount a filesystem would be able to craft a corrupted\n filesystem that causes the kernel to output error messages in an\n infinite loop.\n\nCVE-2008-4554\n\n Milos Szeredi reported that the usage of splice() on files opened\n with O_APPEND allows users to write to the file at arbitrary\n offsets, enabling a bypass of possible assumed semantics of the\n O_APPEND flag.\n\nCVE-2008-4576\n\n Vlad Yasevich reported an issue in the SCTP subsystem that may\n allow remote users to cause a local DoS by triggering a kernel\n oops.\n\nCVE-2008-4933\n\n Eric Sesterhenn reported a local DoS issue in the hfsplus\n filesystem. Local users who have been granted the privileges\n necessary to mount a filesystem would be able to craft a corrupted\n filesystem that causes the kernel to overrun a buffer, resulting\n in a system oops or memory corruption.\n\nCVE-2008-4934\n\n Eric Sesterhenn reported a local DoS issue in the hfsplus\n filesystem. Local users who have been granted the privileges\n necessary to mount a filesystem would be able to craft a corrupted\n filesystem that results in a kernel oops due to an unchecked\n return value.\n\nCVE-2008-5025\n\n Eric Sesterhenn reported a local DoS issue in the hfs filesystem.\n Local users who have been granted the privileges necessary to\n mount a filesystem would be able to craft a filesystem with a\n corrupted catalog name length, resulting in a system oops or\n memory corruption.\n\nCVE-2008-5029\n\n Andrea Bittau reported a DoS issue in the unix socket subsystem\n that allows a local user to cause memory corruption, resulting in\n a kernel panic.\n\nCVE-2008-5079\n\n Hugo Dias reported a DoS condition in the ATM subsystem that can\n be triggered by a local user by calling the svc_listen function\n twice on the same socket and reading /proc/net/atm/*vc.\n\nCVE_2008-5182\n\n Al Viro reported race conditions in the inotify subsystem that may\n allow local users to acquire elevated privileges.\n\nCVE-2008-5300\n\n Dann Frazier reported a DoS condition that allows local users to\n cause the out of memory handler to kill off privileged processes\n or trigger soft lockups due to a starvation issue in the unix\n socket subsystem.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.6.18.dfsg.1-23etch1.\n\nWe recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.\n\nNote: Debian &#x27;etch&#x27; includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian &#x27;etch&#x27;\nconcludes. However, given the high frequency at which low-severity\nsecurity issues are discovered in the kernel and the resource\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\nupdates will typically release in a staggered or &quot;leap-frog&quot; fashion.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatability with or to take advantage of this update:\n\n Debian 4.0 (etch)\n fai-kernels 1.17+etch.23etch1\n user-mode-linux 2.6.18-1um-2etch.23etch1\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.23etch1.diff.gz\n Size/MD5 checksum: 19360 f0384a843ffc8952cbff2e25fe627a6b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-23etch1.diff.gz\n Size/MD5 checksum: 5413401 4a10af0cabdc8530b9c0d72891db9a42\n http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz\n Size/MD5 checksum: 14435 4d10c30313e11a24621f7218c31f3582\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz\n Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060\n http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.23etch1.tar.gz\n Size/MD5 checksum: 57771 c453400f733526582aa19eec52109711\n http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.23etch1.dsc\n Size/MD5 checksum: 740 f36c4fb705e5b9c7d698421d0aacf047\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-23etch1.dsc\n Size/MD5 checksum: 5672 8293966d44f0bf254e9f9f5ed1630542\n http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.23etch1.dsc\n Size/MD5 checksum: 892 c7b86a1845bc273e6a7f0471e0555e58\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-23etch1_all.deb\n Size/MD5 checksum: 1682698 9a53cd9991cfb454d638dbad8cea00b3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-23etch1_all.deb\n Size/MD5 checksum: 41465432 23de1cd9c2a0fbb63065f924e5a9d00f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-23etch1_all.deb\n Size/MD5 checksum: 3591554 d533d238b7e6864a72d0161a26ebb31a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-23etch1_all.deb\n Size/MD5 checksum: 56918 822b3798ded87ac2b2729e55d410084e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-23etch1_all.deb\n Size/MD5 checksum: 1090466 1f40c0abee8e501ef9ec411045f542f5\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-23etch1_all.deb\n Size/MD5 checksum: 3720252 97794d565ab5db3db6cba485c2af80f0\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-23etch1_alpha.deb\n Size/MD5 checksum: 269882 c508165b7055b5193accbb4cdc037671\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-23etch1_alpha.deb\n Size/MD5 checksum: 23468062 084f93a39246bf56e459ce5c831e0f36\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-23etch1_alpha.deb\n Size/MD5 checksum: 270122 e14bc28b97a2ef24f619b5e16d72f175\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-23etch1_alpha.deb\n Size/MD5 checksum: 270508 c85a852e5eaddd497fa52df9f54c426f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-23etch1_alpha.deb\n Size/MD5 checksum: 23540558 a415d6aa887683a04706d9a6274549ed\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_alpha.deb\n Size/MD5 checksum: 56324 ffaae9d352af3b89e8166e2751ff3e47\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-23etch1_alpha.deb\n Size/MD5 checksum: 56358 913ae5005ebdf8f65944e0f86d5f5242\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_alpha.deb\n Size/MD5 checksum: 3030252 2d943108a84cc4a642465732859ee59d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-23etch1_alpha.deb\n Size/MD5 checksum: 269298 0e763ecd42cc9c8dca46a4abc14754ce\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-23etch1_alpha.deb\n Size/MD5 checksum: 3055080 07159b547402fc8e14b8a02e0310a1c3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-23etch1_alpha.deb\n Size/MD5 checksum: 23846502 aebc7b1a914bae3eec6c5ce06eae800a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-23etch1_alpha.deb\n Size/MD5 checksum: 23488466 177f9079cdaa79bb409b8f79ad91db2f\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 3170560 255cf26cc9f2a0caa6ce02fda46d7070\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 15263274 af1df9c75bc768c64ce052962d81b8e7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 56316 13388b32d4f08245e24a3055ad369d6a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 274084 1446f3f108c3ef6f710e1c83bdc7794c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 16865488 e74a4409424bc37afd3cf8d84e7a88ef\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 273434 88baa6c7c91768f11cf7356963f0bb21\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 3359676 1fe292880b5f92a74e6bca61695082f3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 56338 a5bcb5abdc16f269afeb96d50f725136\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 15276526 f2eec94a9296818d23e1e970abc78d37\n http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.23etch1_amd64.deb\n Size/MD5 checksum: 5965696 94d7fd7aa223d2f54bcb64cbf553b299\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 3193726 368d1927a908710ac8a243776e32c3d5\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 3336820 46a4ddc2261240174c15cc854ed4ff08\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 1654746 c4a5b2789d28ab76a9bedebf0a8916c8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 16821542 978c7d8f1be5b7489a9e566cfc91acc1\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 56294 3fa8984302102d25341ed91540c6ed1f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 1687270 8da6624be3045a0a6893d6038db454e3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 273164 985a1e8e8719d786b32db0162f999b2f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 273524 f00fff5b0c7480e6e16a32d9ccaa2c03\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-23etch1_amd64.deb\n Size/MD5 checksum: 56306 93073a5b9a30ea081f0e9c12c6488d62\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-23etch1_arm.deb\n Size/MD5 checksum: 8874552 a280220d21fc5f33397ceccb611b16d3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-23etch1_arm.deb\n Size/MD5 checksum: 236070 b8d951c3d18f5850af73db2d5afe93a6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-23etch1_arm.deb\n Size/MD5 checksum: 235742 5212f40bfeace58989418ae3d8eb6e85\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-23etch1_arm.deb\n Size/MD5 checksum: 201472 d25b41af0a2f65cd399c754855680087\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-23etch1_arm.deb\n Size/MD5 checksum: 4591646 e2480d80466cb9dd0f6a225d25c256a6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-23etch1_arm.deb\n Size/MD5 checksum: 5015244 e0db634e60cfd8182051d7fdc44b5961\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-23etch1_arm.deb\n Size/MD5 checksum: 7927900 94e7099950e3e48ec90a0a120ac48c3e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_arm.deb\n Size/MD5 checksum: 3412788 0d97a5df1ef81a19bb749f7eff564450\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-23etch1_arm.deb\n Size/MD5 checksum: 56422 698a5a5e7869490e094876dee3ccb040\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_arm.deb\n Size/MD5 checksum: 56370 92d68631cccf9193aa86be44565293b9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-23etch1_arm.deb\n Size/MD5 checksum: 206500 5ac78126922a636b71ee93be06a8efc0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-23etch1_arm.deb\n Size/MD5 checksum: 241160 b3ba90c2e590d5f2d35b2ec87f0583e4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-23etch1_arm.deb\n Size/MD5 checksum: 7571386 858738aafc789736b85a240abb06d6d1\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-23etch1_hppa.deb\n Size/MD5 checksum: 11816650 3eb4a8a52b839f37522c13bf261c2baf\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-23etch1_hppa.deb\n Size/MD5 checksum: 198896 a243bf6d1631e669536291524fd97ba8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-23etch1_hppa.deb\n Size/MD5 checksum: 56350 c692a9c128d4fb72bdf62443208b9afc\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-23etch1_hppa.deb\n Size/MD5 checksum: 11006106 0def26738a5c0a14e25159f54ef45c9e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-23etch1_hppa.deb\n Size/MD5 checksum: 197558 bd829e318bf0ca91e73fae9591baa333\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-23etch1_hppa.deb\n Size/MD5 checksum: 11410956 261b9a7e7b2404c6eacd2317b9e26973\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_hppa.deb\n Size/MD5 checksum: 56326 6dcc57928f2d3ce4fb73d0450e66ceaf\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-23etch1_hppa.deb\n Size/MD5 checksum: 199820 1a553bcc50cf8010f555eec232d633fc\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_hppa.deb\n Size/MD5 checksum: 3024676 bf1f90dbddccc38ecdbabc350dbb080e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-23etch1_hppa.deb\n Size/MD5 checksum: 198504 2b5266526f59cb83af41ea197cd14e3b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-23etch1_hppa.deb\n Size/MD5 checksum: 10559544 bd90bbbc7d8a8c6906a51bbf49b3e139\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 3212506 2f2838b74c687f49092cba088aaa5025\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 285422 716cabff79e8d108409024beedd5c761\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 56364 23fefb20fc7cfb2969c70ec3dcbfd7fc\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 3236014 280e515e4d33b74171f18d90192f2781\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 289742 0291669c961118af2f8d392d83cc2009\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 14388800 1ef26929395c35dd69c68e7d7d539387\n http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.23etch1_i386.deb\n Size/MD5 checksum: 25602042 8edf459235cf919e70db35db6e18a81c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 16540456 b64fd698fbb01314bd39b32b410ae487\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 278156 d87fae685c6799e42afdfb33ca8efd42\n http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.23etch1_i386.deb\n Size/MD5 checksum: 5508624 94bb0b0b80f8036b518837d5ce029f2b\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 56376 fbc3b44752cc24d54018e7500b7caa9c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 16601198 58ad14c5b7a86283125b9d73f98c40ce\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 1330892 02d869d6e62a29107871094dad2d2bfb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 286882 017783780fc1c626df5e6a739713cd2c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 278354 41e31611644a950b6a7b13e21c8fcb14\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 3114734 cc9dc53c187d950a1d154a4f59cd54df\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 14399606 21d200751abc6f09ad0fe60d5c4655ec\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 16929578 4cc1238df2386a76dcd12ce916965be5\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 287314 383667c0683ced9603f2a21be6105158\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 16474612 6ffb3493ae7141c3af2b00e513bda9b2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 56422 eaad4bcfac9784563526b3ef77c3bbfe\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 3228386 53af98a695ee7732f5b682f013e81c9d\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 56348 def2ca9b2ceafe1170c6091f170d201d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 285644 2494d714e732fe2ca909cd80e0d4fcc2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 16514302 bbeabc71068d2664535d4d3b7d166b44\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 16642362 1d69f5a6471d29ff481ccccdece1d5a3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 286868 76a6bbbb7810bab391fecd078ea713a6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 16323394 ac86cb6986fc48439edf76d0e78c75c4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 276950 548444172100ee78f39b3cbddfb0bd73\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-23etch1_i386.deb\n Size/MD5 checksum: 1302696 a9988c16e715718a4d4547edf77d8c63\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_ia64.deb\n Size/MD5 checksum: 56320 22738127d1c9ce4acc5538d0014fef5d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-23etch1_ia64.deb\n Size/MD5 checksum: 56342 ecb66f5138131a351ea46167feda50a4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_ia64.deb\n Size/MD5 checksum: 3084404 5c6c1b42bc958427686de001a8f1a995\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-23etch1_ia64.deb\n Size/MD5 checksum: 28020804 40c13c914b51a21a1a24023798899a7b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-23etch1_ia64.deb\n Size/MD5 checksum: 257864 475005498346a7d8b38a7c29509ccf4a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-23etch1_ia64.deb\n Size/MD5 checksum: 28186348 8826f9beccdf15d89e6e93b453d512c1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-23etch1_ia64.deb\n Size/MD5 checksum: 257820 0c8cc79934f006def209bb4a499c60ff\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-23etch1_mips.deb\n Size/MD5 checksum: 6126884 792de360f86746a53710e5bd33b8f163\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_mips.deb\n Size/MD5 checksum: 56368 9a395680eae076a224dad896da65691c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-23etch1_mips.deb\n Size/MD5 checksum: 189126 18b896582f9351dc09b6e0a70ef90831\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-23etch1_mips.deb\n Size/MD5 checksum: 170032 3458ed1dbcdc45653181b5c0fc7ecdb8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-23etch1_mips.deb\n Size/MD5 checksum: 156908 2ff3f8ac181d494d7cb4ef7222d7b07e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-23etch1_mips.deb\n Size/MD5 checksum: 165172 7a17550dcdfa31d22bf8965127c2339f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-23etch1_mips.deb\n Size/MD5 checksum: 15683930 4561323bdc5a9ad5c7c2a0ce0b6d5b76\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_mips.deb\n Size/MD5 checksum: 3416968 6e47ae5cf9ac7bd360f619fcc3a75038\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-23etch1_mips.deb\n Size/MD5 checksum: 56422 e924dcd73b5c94cabf01955f7f9a69ce\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-23etch1_mips.deb\n Size/MD5 checksum: 9081586 6949edfa7335d4dc6b8758d40e4eafbd\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-23etch1_mips.deb\n Size/MD5 checksum: 8315142 bedc220176f07a4d49a012acf38884aa\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-23etch1_mips.deb\n Size/MD5 checksum: 189364 765a041b2c8374633fac10555019d991\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-23etch1_mips.deb\n Size/MD5 checksum: 15657240 01b773f5cebd3bcb5e82a3538afd9a43\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 9865338 31f59099408adfc72436644f2f8d241f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 3352366 25617a98b59a5bfa023619f4299105af\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 185002 6e688580a5b5f19076b769ed6f3a04f8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 184774 0e0657d343cc00aba89ef941f260cb8d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 158046 200fe3fc8019dc123292003cdd13ffea\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 6035456 df357ca827f11be089babe11ea898b64\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 180620 20de98111af4bad6a471d96e0089e038\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 56322 8c8613342248a855676af7a9051719ea\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 5949466 ec4818d43fa0c812535d528642cd97f6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 158062 1fc66a76a56aea3b0acdad506c35afa4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 15031350 7c814fc2adb6872726c73ac8798ea855\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 5929984 00c1d88fb99faa66fe1a4f96bf2ce23b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 152628 fb85eaff880b8de07536a59b1717b7ff\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 15060882 f3930b91f4a1cf543478cf1642fd99fd\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-23etch1_mipsel.deb\n Size/MD5 checksum: 56380 67c590353ceebbd73e78eb7274b419a8\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 254232 df3428d02b7caf4d8859ffa421d9fb47\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 3394788 bf95b7b549b0e5dff3c131f392f6df10\n http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.23etch1_powerpc.deb\n Size/MD5 checksum: 3370368 67c60e48f8171e261b681c88a5eb49c1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 18302236 b00e64cee1bd14e44416587727b3e4d8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 231830 db040067803ff3bb9a4677411a4cc25f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 18357864 dde6c4a10d645a9a0a531fdc1cd17669\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 255932 4fbc330e627c9912e97d59f96eafb4e8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 56372 9886fc5b03211e6c45c0f096a3a61f53\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 16632328 c1c43bb84800ed32d9eb38638dd23d5a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 15163882 fe0bc4a175982e11cce21bb1cb8ab8e7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 17018420 77506217a84db6b8a788059b579a9c84\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 255024 30e5ea717182f1c0b6cac5bd441dccbb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 255918 505c4c33c287dfdebeaa98698e97c9f3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 247514 f5b68002876185469625bf32d1e002be\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 16408190 97416532c92c57c0e33f97e19853020e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 56326 b058a9108e32625a78db5e411b750b6d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 255198 85fcc0cdb31720c9c0bdf6043c47c138\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 3417130 4aa20378bea17d7cd44d77155ff36674\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-23etch1_powerpc.deb\n Size/MD5 checksum: 16974946 b132327c709f7a2a0b69c1aa3dda9ca7\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-23etch1_s390.deb\n Size/MD5 checksum: 2968510 3d7773ed1afb8221e10da8e4b4eabdba\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-23etch1_s390.deb\n Size/MD5 checksum: 1442824 840860b7a601870db6921de4c42e238b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-23etch1_s390.deb\n Size/MD5 checksum: 145978 e495aa518a5281a63e1131887335a0f0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-23etch1_s390.deb\n Size/MD5 checksum: 5406378 3b9556c4af25a6f611d087500ddaa6c2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-23etch1_s390.deb\n Size/MD5 checksum: 146542 d94c8a951655f053eb92ee574b964f65\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-23etch1_s390.deb\n Size/MD5 checksum: 5624558 c9f8f23a2bbbc88c1d15be853cb1f3bb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-23etch1_s390.deb\n Size/MD5 checksum: 56342 55d68538e40adb1b9e35493b2b74915e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_s390.deb\n Size/MD5 checksum: 56318 832d1344921a7aba3dd12519427c5a6d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-23etch1_s390.deb\n Size/MD5 checksum: 5666984 b130f7034aec80a7bd91a4aad1bad5ab\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_s390.deb\n Size/MD5 checksum: 2945466 a4efd6af72524aa0c66f5826b2ba64e0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-23etch1_s390.deb\n Size/MD5 checksum: 147214 ad3a2622e0e6a8f2320a9a588ed69703\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-23etch1_sparc.deb\n Size/MD5 checksum: 10742802 231ff49c22bbdbae0140dc9321cb38d2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-23etch1_sparc.deb\n Size/MD5 checksum: 201818 a8207a5a4c9fe0477e199f0e3122a9ba\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-23etch1_sparc.deb\n Size/MD5 checksum: 203204 433d0d869346e23e8d8ac404dabc6f05\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-23etch1_sparc.deb\n Size/MD5 checksum: 56402 d153a7923ae65aa917033593d37431e3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-23etch1_sparc.deb\n Size/MD5 checksum: 6462310 5ecc441c0a37c7f36e08d6ae7555f797\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-23etch1_sparc.deb\n Size/MD5 checksum: 10432952 a4b5abd32db9c00b8c675673da094c7a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_sparc.deb\n Size/MD5 checksum: 56370 8d7ecca445ea50ab719944b89f5bfeb9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-23etch1_sparc.deb\n Size/MD5 checksum: 202588 bbffae6906ea1411033d990001e7bd45\n http://security.debian.org/pool/updates/main/l/linux-2.6/lin