FrSIRT - Fedora Security Update Fixes Kernel ALSA Information Disclosure Issue / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Kernel ALSA Information Disclosure Issue

Title : Fedora Security Update Fixes Kernel ALSA Information Disclosure Issue
Advisory ID : FrSIRT/ADV-2007-3290
CVE ID : CVE-2007-4571
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-10-01

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by local attackers to gain knowledge of sensitive information [...]

Solution

Upgrade the affected packages :

ded8d1fc5337571235c808f44c71bd846c41242b kernel-doc-2.6.22.9-91.fc7.noarch.rpm
1956d5e9aaf65f5e835b8e6e396e516b007c52fc kernel-headers-2.6.22.9-91.fc7.i386.rpm
7e1ba3130d0321cd38a2a914c3e4b6f98f050a6d kernel-debug-debuginfo-2.6.22.9-91.fc7.i686.rpm
b49690e78a7bd729260052d36dc73b95c265e447 kernel-PAE-debug-devel-2.6.22.9-91.fc7.i686.rpm
616b0c9ba450ab1bd2409019d5bb283371c6ae86 kernel-devel-2.6.22.9-91.fc7.i686.rpm
ddf333bad5a99b9af58927cd75967668f2af429b kernel-PAE-debug-2.6.22.9-91.fc7.i686.rpm
f4eac2ab26a5d1eef3367bf6c245de3e9abab065 kernel-PAE-2.6.22.9-91.fc7.i686.rpm
3bbdd59a0a398c621841e81f733f998cdef23cf8 kernel-debug-devel-2.6.22.9-91.fc7.i686.rpm
996c28b9af040d53f962f069ed05c1c6540e9e94 kernel-debuginfo-2.6.22.9-91.fc7.i686.rpm
8c936895c487c1f24012cf9e0b30449ed27c8a0c kernel-PAE-debug-debuginfo-2.6.22.9-91.fc7.i686.rpm
10d875a6f391c0dbd0b716e34374b5e4939721eb kernel-debuginfo-common-2.6.22.9-91.fc7.i686.rpm
1a9b5293ddb75bba95d8f84890ace9e0838c7ebb kernel-PAE-debuginfo-2.6.22.9-91.fc7.i686.rpm
3ce5add3bf59a095e0d29efef79e705612e15b4b kernel-2.6.22.9-91.fc7.i686.rpm
c1169c36e948428e7f8e182c2cb74ff5b5a3f23f kernel-PAE-devel-2.6.22.9-91.fc7.i686.rpm
5f9083823e3fd71b9b3d9440ee60e10e1a1c0d05 kernel-debug-2.6.22.9-91.fc7.i686.rpm
4e96bd369ccb90e4ec671c2998ddd604ab5c8b0b kernel-kdump-debuginfo-2.6.22.9-91.fc7.ppc64.rpm
1cf94bc2ce8c0af0d15b895b5a948ca43b385669 kernel-debuginfo-2.6.22.9-91.fc7.ppc64.rpm
c147ffd8e125391ffacd4cbdadb093a64186820a kernel-kdump-2.6.22.9-91.fc7.ppc64.rpm
4a464f8a78c2611a79661e46b53f536252672dfa kernel-2.6.22.9-91.fc7.ppc64.rpm
88a5fd675b965017a4262f3b49ed016bd29b20d7 kernel-devel-2.6.22.9-91.fc7.ppc64.rpm
d080c778cfdac35df04c0101ab626a4abe45bff1 kernel-headers-2.6.22.9-91.fc7.ppc64.rpm
05f33f05ee3b2d8f68ab4746bfa084c1b6bf76c5 kernel-kdump-devel-2.6.22.9-91.fc7.ppc64.rpm
b7b095d6030cce13eb84cbcb4a68f4ee3060aa5f kernel-debuginfo-common-2.6.22.9-91.fc7.ppc64.rpm
959040509514ae186ff9aa40fa4ae5e834b556eb kernel-devel-2.6.22.9-91.fc7.i586.rpm
7bb0ef2921d6c8cf497569a87395fea15000523c kernel-2.6.22.9-91.fc7.i586.rpm
08e5c207b48bdad931c339136cae4f2df8de6559 kernel-debuginfo-common-2.6.22.9-91.fc7.i586.rpm
a2f40d5dfea1b494382cc91c2851deccff882022 kernel-debuginfo-2.6.22.9-91.fc7.i586.rpm
818e715d7bf700ad1d108f583e222889cdbc09b7 kernel-headers-2.6.22.9-91.fc7.x86_64.rpm
041802134c6bc8d4a53d41172252e82647621629 kernel-debug-debuginfo-2.6.22.9-91.fc7.x86_64.rpm
347989524c5bd267a407c160a0fbe5c7dce36ccd kernel-debug-devel-2.6.22.9-91.fc7.x86_64.rpm
bfd1cefa14bd487075bb6c3c4cb278aed8193c82 kernel-devel-2.6.22.9-91.fc7.x86_64.rpm
ded56fb621a75d110598861e10502083a496c41f kernel-2.6.22.9-91.fc7.x86_64.rpm
2f958988457c14b63d490b6eb761a21d74290de7 kernel-debuginfo-2.6.22.9-91.fc7.x86_64.rpm
e64cc4ba72c89e4e89272c5c47a8709780386cbd kernel-debuginfo-common-2.6.22.9-91.fc7.x86_64.rpm
29f33fa2f65032b3035d28626b73d6cb638c5165 kernel-debug-2.6.22.9-91.fc7.x86_64.rpm
fb8a0d51853287e9edd87f8356907c67971c8864 kernel-smp-2.6.22.9-91.fc7.ppc.rpm
8ab3e91e16f2ea44fd7ae5d4ad927b27e4ef34c2 kernel-2.6.22.9-91.fc7.ppc.rpm
24cfdd3ed0d30a1d412399134d8498db18440b76 kernel-headers-2.6.22.9-91.fc7.ppc.rpm
639d02e70637a6661c1d3a96a1619c8726d6b3e7 kernel-smp-debuginfo-2.6.22.9-91.fc7.ppc.rpm
aabf6c673695d68195888c7e1ec83238297c51f4 kernel-smp-devel-2.6.22.9-91.fc7.ppc.rpm
86678b6613063d0991aeba5081962c4ebc0352d9 kernel-devel-2.6.22.9-91.fc7.ppc.rpm
054dbaa855191a325984177ae694e4fae0e89fa2 kernel-debuginfo-common-2.6.22.9-91.fc7.ppc.rpm
b4124e065729e3f15adbcdf0a5461c8ca88b25b6 kernel-debuginfo-2.6.22.9-91.fc7.ppc.rpm
ca12a6525962d0ec91423276c3bca74bbd233247 kernel-2.6.22.9-91.fc7.src.rpm

ChangeLog

2007-10-01 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Sun Solaris System Management Agent Buffer Overflow Vulnerability
	Sun Update Fixes Mozilla Thunderbird Multiple Vulnerabilities
	Sun Java JDK and JRE Code Execution and Security Bypass Issues
	Sun Solaris DNS Protocol Remote Cache Poisoning Vulnerability
	Sun Solaris Tomcat JSP/Servlet Container Multiple Vulnerabilities
	Sun Java System Access Manager XSLT Code Execution Vulnerability
	Sun Solaris 10 Adobe Reader Multiple Code Execution Vulnerabilities

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities
	Cisco Intrusion Prevention System Jumbo Frame Vulnerability
	Cisco VPN Client Deterministic Network Enhancer Privilege Escalation
	Cisco Products SNMPv3 Authentication Packets Vulnerabilities
	Cisco PIX and ASA Security Bypass and Denial of Service