(RHSA-2010:0424) Important: kernel security and enhancement update

2010-05-18T04:00:00
ID RHSA-2010:0424
Type redhat
Reporter RedHat
Modified 2017-09-08T11:56:11

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

  • a use-after-free flaw was found in the tcp_rcv_state_process() function in the Linux kernel TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic (denial of service). (CVE-2010-1188, Important)

This update also adds the following enhancement:

  • kernel support for the iptables connlimit module. This module can be used to help mitigate some types of denial of service attacks. Note: This update alone does not address connlimit support. A future iptables package update will allow connlimit to work correctly. (BZ#563222)

Users should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The system must be rebooted for this update to take effect.
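For services you maintain, the precondition named in the CVE-2010-1188 description (an IPv6 listening socket with IPV6_RECVPKTINFO set) can be checked per descriptor while the update is being scheduled. The following C code is an added example, not part of the Red Hat advisory; the function names `has_advisory_precondition` and `make_listener` are hypothetical, and the two loopback listeners are constructed sample input.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 1 if fd is a listening AF_INET6 socket with IPV6_RECVPKTINFO
 * enabled, 0 if it is not, -1 if the descriptor cannot be queried. */
int has_advisory_precondition(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;
    int listening = 0, pktinfo = 0;

    if (getsockname(fd, (struct sockaddr *)&ss, &len) < 0)
        return -1;
    if (ss.ss_family != AF_INET6)
        return 0;                       /* the advisory concerns IPv6 only */
    len = sizeof listening;
    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &listening, &len) < 0)
        return -1;
    len = sizeof pktinfo;
    if (getsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &pktinfo, &len) < 0)
        return -1;
    return listening && pktinfo;
}

/* Constructed sample input: a TCP listener on [::1], ephemeral port. */
int make_listener(int with_pktinfo)
{
    struct sockaddr_in6 sa;
    int on = 1, fd = socket(AF_INET6, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;                      /* IPv6 not available on this host */
    memset(&sa, 0, sizeof sa);
    sa.sin6_family = AF_INET6;
    sa.sin6_addr = in6addr_loopback;
    if ((with_pktinfo && setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO,
                                    &on, sizeof on) < 0) ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 1) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int a = make_listener(1), b = make_listener(0);
    printf("with option: %d, without: %d\n",
           has_advisory_precondition(a), has_advisory_precondition(b));
    return 0;
}
```

A result of 1 marks a listener that matches the configuration in the advisory; the fix itself remains the updated kernel packages and a reboot.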