CentOS Errata and Security Advisory CESA-2009:0001-01
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
These updated packages fix the following security issues:
a flaw was found in the IPv4 forwarding base. This could allow a local,
unprivileged user to cause a denial of service. (CVE-2007-2172,
Important)
a flaw was found in the handling of process death signals. This allowed a
local, unprivileged user to send arbitrary signals to the suid-process
executed by that user. Successful exploitation of this flaw depends on the
structure of the suid-program and its signal handling. (CVE-2007-3848,
Important)
when accessing kernel memory locations, certain Linux kernel drivers
registering a fault handler did not perform required range checks. A local,
unprivileged user could use this flaw to gain read or write access to
arbitrary kernel memory, or possibly cause a denial of service.
(CVE-2008-0007, Important)
a possible kernel memory leak was found in the Linux kernel Simple
Internet Transition (SIT) INET6 implementation. This could allow a local,
unprivileged user to cause a denial of service. (CVE-2008-2136, Important)
missing capability checks were found in the SBNI WAN driver which could
allow a local, unprivileged user to bypass intended capability
restrictions. (CVE-2008-3525, Important)
a flaw was found in the way files were written using truncate() or
ftruncate(). This could allow a local, unprivileged user to acquire the
privileges of a different group and obtain access to sensitive information.
(CVE-2008-4210, Important)
a race condition in the mincore system core allowed a local, unprivileged
user to cause a denial of service. (CVE-2006-4814, Moderate)
a flaw was found in the aacraid SCSI driver. This allowed a local,
unprivileged user to make ioctl calls to the driver which should otherwise
be restricted to privileged users. (CVE-2007-4308, Moderate)
two buffer overflow flaws were found in the Integrated Services Digital
Network (ISDN) subsystem. A local, unprivileged user could use these flaws
to cause a denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate)
a flaw was found in the way core dump files were created. If a local,
unprivileged user could make a root-owned process dump a core file into a
user-writable directory, the user could gain read access to that core file,
potentially compromising sensitive information. (CVE-2007-6206, Moderate)
a deficiency was found in the Linux kernel virtual file system (VFS)
implementation. This could allow a local, unprivileged user to attempt file
creation within deleted directories, possibly causing a denial of service.
(CVE-2008-3275, Moderate)
All users of Red Hat Enterprise Linux 2.1 on 32-bit architectures should
upgrade to these updated packages which address these vulnerabilities. For
this update to take effect, the system must be rebooted.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-February/077738.html
Affected packages:
kernel
kernel-BOOT
kernel-debug
kernel-doc
kernel-enterprise
kernel-headers
kernel-smp
kernel-source
kernel-summit
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | athlon | kernel | < 2.4.9-e.74 | kernel-2.4.9-e.74.athlon.rpm |
CentOS | 2 | i686 | kernel | < 2.4.9-e.74 | kernel-2.4.9-e.74.i686.rpm |
CentOS | 2 | i386 | kernel-boot | < 2.4.9-e.74 | kernel-BOOT-2.4.9-e.74.i386.rpm |
CentOS | 2 | i686 | kernel-debug | < 2.4.9-e.74 | kernel-debug-2.4.9-e.74.i686.rpm |
CentOS | 2 | i386 | kernel-doc | < 2.4.9-e.74 | kernel-doc-2.4.9-e.74.i386.rpm |
CentOS | 2 | i686 | kernel-enterprise | < 2.4.9-e.74 | kernel-enterprise-2.4.9-e.74.i686.rpm |
CentOS | 2 | i386 | kernel-headers | < 2.4.9-e.74 | kernel-headers-2.4.9-e.74.i386.rpm |
CentOS | 2 | athlon | kernel-smp | < 2.4.9-e.74 | kernel-smp-2.4.9-e.74.athlon.rpm |
CentOS | 2 | i686 | kernel-smp | < 2.4.9-e.74 | kernel-smp-2.4.9-e.74.i686.rpm |
CentOS | 2 | i386 | kernel-source | < 2.4.9-e.74 | kernel-source-2.4.9-e.74.i386.rpm |