Critical Red Hat Enterprise Linux Kernel Update
Red Hat issued an update version of Linux operating system core called kernel that plugs various security holes for RHEL 5.x. This update has been rated as having important security impact. All users are advised to upgrade kernel package.
Security fixes:
a) A missing capability check was found in the Linux kernel do_change_type routine. This could allow a local unprivileged user to gain privileged access or cause a denial of service. (CVE-2008-2931, Important)
b) A flaw was found in the Linux kernel Direct-IO implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2007-6716, Important)
c) Tobias Klein reported a missing check in the Linux kernel Open Sound System (OSS) implementation. This deficiency could lead to a possible information leak. (CVE-2008-3272, Moderate)
d) a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)
e) A flaw was found in the Linux kernel tmpfs implementation. This could allow a local unprivileged user to read sensitive information from the kernel. (CVE-2007-6417, Moderate)
Bug fix
a) A kernel crash may have occurred on heavily-used Samba servers after 24 to 48 hours of use.
b) On certain systems, if multiple InfiniBand queue pairs simultaneously fell into an error state, an overrun may have occurred, stopping traffic.
c) With bridging, when forward delay was set to zero, setting an interface to the forwarding state was delayed by one or possibly two timers, depending on whether STP was enabled. This may have caused long delays in moving an interface to the forwarding state. This issue caused packet loss when migrating virtual machines, preventing them from being migrated without interrupting applications.
How do I update my kernel?
Login as root and type:
# uname -mrs
# yum update
# reboot
# uname -mrs
E-mail this to a Friend
Printable Version
Ubuntu / Kubuntu Ubuntu Ver. 8.10 and Linux Training Library 2DVD+CD
You may also be interested in other helpful articles:
- Red Hat Enterprise Linux 5 IMPORTANT Security Update [ 4-Nov-2008 ]
- Critical Red hat / Fedora Linux Openssh Security Update
- Download Of The Day: Firefox 3.0.1 (Critical Security Update)
- Download Novell enterprise Linux service pack 1 - SP1
- Security Update for Red Hat Linux Kernel
Discussion on This Article:
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: CVE-2007-6417, CVE-2007-6716, CVE-2008-2931, CVE-2008-3272, CVE-2008-3275, denial of service, important security, information leak, kernel package, linux kernel, overrun, packet loss, reboot, red hat, samba servers, security fixes, security holes, stopping traffic, tobias klein, virtual machines, yum
Vivek,
is There this bug in CenOS 5.x ?
Minh,
CentOS is RHEL clone, so it affects to Centos too. Just run yum update to upgrade CentOS vanilla kernel.
Thanks Vivek.
Sorry for spamming