Lucene search

K
centos
CentOS ProjectCESA-2010:0020
HistoryJan 14, 2010 - 11:48 p.m.

kernel security update

2010-01-1423:48:52
CentOS Project
lists.centos.org
51

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.055 Low

EPSS

Percentile

92.9%

CentOS Errata and Security Advisory CESA-2010:0020

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

  • a flaw was found in each of the following Intel PRO/1000 Linux drivers in
    the Linux kernel: e1000 and e1000e. A remote attacker using packets larger
    than the MTU could bypass the existing fragment check, resulting in
    partial, invalid frames being passed to the network stack. These flaws
    could also possibly be used to trigger a remote denial of service.
    (CVE-2009-4536, CVE-2009-4538, Important)

  • a flaw was found in the Realtek r8169 Ethernet driver in the Linux
    kernel. Receiving overly-long frames with network cards supported by this
    driver could possibly result in a remote denial of service. (CVE-2009-4537,
    Important)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-January/078613.html
https://lists.centos.org/pipermail/centos-announce/2010-January/078614.html

Affected packages:
kernel
kernel-devel
kernel-doc
kernel-hugemem
kernel-hugemem-devel
kernel-largesmp
kernel-largesmp-devel
kernel-smp
kernel-smp-devel
kernel-xenU
kernel-xenU-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0020

How to protect your server from attacks?

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.055 Low

EPSS

Percentile

92.9%

Related for CESA-2010:0020