CVE-2011-1593

Опубликовано: 13 апр. 2011

Источник: redhat

CVSS2: 4.7

Описание

Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.

Отчет

This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 4	kernel	Affected
Red Hat Enterprise MRG 1	realtime-kernel	Affected
Red Hat Enterprise Linux 5	kernel	Fixed	RHSA-2011:0927	15.07.2011
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2011:1189	23.08.2011
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2011:1253	12.09.2011