Red Hat Enterprise MRG

ソフト名：Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6) (Kernel.org Linux Kernel 2.6.x)

回避策：RHSA-2011:1253-01にて対応

脆弱性：セッション乗っ取り, セキュリティ制限の回避, 機密情報の奪取, 権限の昇格, DoS攻撃, システムアクセス, カーネルメモリ破壊, プロセス設定の操作, カーネルのクラッシュ, デリファレンスエラー, 二重解放エラー, メモリリーク, 展開処理エラー, システムコール, NULLポインタ参照エラー, バッファオーバーフロー, アロケーションエラー, アウトオブメモリ, CPUリソースの浪費, 整数オーバーフローエラー, 区域外メモリの読み出し

ソース：

http://www.redhat.com/mrg/

https://rhn.redhat.com/errata/RHSA-2011-1253.html

http://secunia.com/advisories/41493/

http://secunia.com/advisories/42964/

http://secunia.com/advisories/43009/

http://secunia.com/advisories/43496/

http://secunia.com/advisories/43576/

http://secunia.com/advisories/43594/

http://secunia.com/advisories/44091/

http://secunia.com/advisories/44094/

http://secunia.com/advisories/44164/

http://secunia.com/advisories/44220/

http://secunia.com/advisories/44248/

http://secunia.com/advisories/44466/

http://secunia.com/advisories/44754/

http://secunia.com/advisories/45193/

http://secunia.com/advisories/45236/

http://secunia.com/advisories/45253/

http://secunia.com/advisories/45994/

http://dvw-j.blogspot.com/2011/01/red-hat-enterprise-linux_21.html

http://dvw-j.blogspot.com/2011/01/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_16.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_08.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_13.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_3728.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_22.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_26.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_856.html

http://dvw-j.blogspot.com/2011/05/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/06/kernelorg-linux-kernel_07.html

http://dvw-j.blogspot.com/2011/07/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/07/red-hat-enterprise-linux_15.html

http://dvw-j.blogspot.com/2011/07/red-hat-enterprise-linux_19.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4243

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4526

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1020

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1021

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1090

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1160

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1478

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1479

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1585

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1598

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1748

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1767

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1768

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1770

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2183

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2484

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2496

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2497

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2695

CVE：CVE-2010-4243, CVE-2010-4526, CVE-2011-1020, CVE-2011-1021, CVE-2011-1090, CVE-2011-1160, CVE-2011-1478, CVE-2011-1479, CVE-2011-1494, CVE-2011-1495, CVE-2011-1576, CVE-2011-1577, CVE-2011-1585, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1748, CVE-2011-1767, CVE-2011-1768, CVE-2011-1770, CVE-2011-1776, CVE-2011-2022, CVE-2011-2183, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517, CVE-2011-2695

危険性：Medium Risk

Red Hat Enterprise MRG

ソフト名：Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 5/6) (Cumin)

回避策：RHSA-2011:1249-1, RHSA-2011:1250-1にて対応

脆弱性：機密情報の奪取, 認証資格情報の奪取, 不正アクションの実行

ソース：

http://www.redhat.com/mrg/

https://rhn.redhat.com/errata/RHSA-2011-1249.html

https://rhn.redhat.com/errata/RHSA-2011-1250.html

http://secunia.com/advisories/45887/

http://secunia.com/advisories/45928/

http://dvw-j.blogspot.com/2011/09/cumin.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2925

CVE：CVE-2011-2925

危険性：Medium Risk

Red Hat Enterprise MRG

ソフト名：Red Hat Enterprise MRG v1 for Red Hat Enterprise Linux version 5 (Kernel.org Linux Kernel 2.6.x)

回避策：RHSA-2011:0500-1にて対応

脆弱性：セキュリティ制限の回避, 機密情報の奪取, 権限の昇格, DoS攻撃, システムアクセス, カーネルメモリ破壊, カーネルスタックメモリの曝露, カーネルのクラッシュ, メモリリーク, デッドロックエラー, バウンダリエラー, バッファオーバーフロー, NULLポインタ参照エラー, メモリ破壊

ソース：http://www.redhat.com/mrg/realtime/

https://rhn.redhat.com/errata/RHSA-2011-0500.html

http://secunia.com/advisories/43009/

http://secunia.com/advisories/43358/

http://secunia.com/advisories/43537/

http://secunia.com/advisories/43693/

http://secunia.com/advisories/43806/

http://secunia.com/advisories/44136/

http://secunia.com/advisories/44435/

http://secunia.com/advisories/44543/

http://dvw-j.blogspot.com/2011/01/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/02/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_02.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_3101.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_22.html

http://dvw-j.blogspot.com/2011/04/red-hat-enterprise-linux_15.html

http://dvw-j.blogspot.com/2011/05/novell-opensuse_05.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1010

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1013

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1019

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1082

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172

CVE：CVE-2011-0695, CVE-2011-0711, CVE-2011-1010, CVE-2011-1013, CVE-2011-1019, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1082, CVE-2011-1093, CVE-2011-1163, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172

危険性：Medium Risk

Red Hat Enterprise MRG

ソフト名：Red Hat Enterprise MRG v1 (Red Hat Enterprise Linux (version 5)) (Kernel.org Linux Kernel 2.6.38-rc2未満)
回避策：RHSA-2011:0330-01にて対応
脆弱性：セキュリティ制限の回避, 機密情報の奪取, 権限の昇格, DoS攻撃
ソース：http://www.redhat.com/mrg/realtime/
https://rhn.redhat.com/errata/RHSA-2011-0330.html
http://secunia.com/advisories/41245/
http://secunia.com/advisories/42035/
http://secunia.com/advisories/42172/
http://secunia.com/advisories/42176/
http://secunia.com/advisories/42354/
http://secunia.com/advisories/42570/
http://secunia.com/advisories/43009/
http://dvw-j.blogspot.com/2010/12/linux-kernel.html
http://dvw-j.blogspot.com/2011/01/kernelorg-linux-kernel.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4347
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044
CVE：CVE-2010-3477, CVE-2010-4160, CVE-2010-4162, CVE-2010-4163, CVE-2010-4165, CVE-2010-4242, CVE-2010-4248, CVE-2010-4249, CVE-2010-4250, CVE-2010-4346, CVE-2010-4347, CVE-2010-4565, CVE-2010-4648, CVE-2010-4649, CVE-2010-4655, CVE-2010-4656, CVE-2010-4668, CVE-2011-0521, CVE-2011-1044
危険性：Medium Risk

Red Hat Enterprise MRG

ソフト名：Red Hat Enterprise MRG v1 for Red Hat Enterprise Linux (version 5)
回避策：RHSA-2010:0958-1にて対応
脆弱性：機密情報の奪取, 権限の昇格, DoS攻撃
ソース：http://www.redhat.com/mrg/realtime/
https://rhn.redhat.com/errata/RHSA-2010-0958.html
http://secunia.com/advisories/41002/
http://secunia.com/advisories/41263/
http://secunia.com/advisories/41440/
http://secunia.com/advisories/41493/
http://secunia.com/advisories/41650/
http://secunia.com/advisories/41693/
http://secunia.com/advisories/42035/
http://secunia.com/advisories/42061/
http://secunia.com/advisories/42126/
http://secunia.com/advisories/42172/
http://secunia.com/advisories/42187/
http://secunia.com/advisories/42225/
http://secunia.com/advisories/42378/
http://secunia.com/advisories/42394/
http://dvw-j.blogspot.com/search/label/Debian%20GNU%2FLinux
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4169
CVE：CVE-2010-2962, CVE-2010-3432, CVE-2010-3442, CVE-2010-3705, CVE-2010-3858, CVE-2010-3861, CVE-2010-3874, CVE-2010-3876, CVE-2010-3880, CVE-2010-4072, CVE-2010-4073, CVE-2010-4074, CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080, CVE-2010-4082, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4169
危険性：Medium Risk

Red Hat Enterprise MRG

ソフト名：Red Hat Enterprise MRG 1
回避策：あり
脆弱性：DoS攻撃, ブローカーのクラッシュ
ソース：http://www.redhat.com/mrg/
http://www.securityfocus.com/bid/43870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3701
http://secunia.com/advisories/41734
CVE：CVE-2010-3701
危険性：Low Risk