kernel security update

2010-10-26T02:38:54
ID CESA-2010:0792
Type centos
Reporter CentOS Project
Modified 2010-10-26T02:38:54

Description

CentOS Errata and Security Advisory CESA-2010:0792

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

  • The rds_page_copy_user() function in the Linux kernel Reliable Datagram Sockets (RDS) protocol implementation was missing sanity checks. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-3904, Important)

Red Hat would like to thank Dan Rosenberg of Virtual Security Research for reporting this issue.

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2010-October/017121.html http://lists.centos.org/pipermail/centos-announce/2010-October/017122.html

Affected packages: kernel kernel-PAE kernel-PAE-devel kernel-debug kernel-debug-devel kernel-devel kernel-doc kernel-headers kernel-xen kernel-xen-devel

Upstream details at: https://rhn.redhat.com/errata/RHSA-2010-0792.html