Please Install the Updated Packages.

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * a system with SELinux enforced was more permissive in allowing local users in the unconfined_t domain to map low memory areas even if the mmap_min_addr restriction was enabled. This could aid in the local exploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important) * a NULL pointer dereference flaw was found in the eCryptfs implementation in the Linux kernel. A local attacker could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2908, Important) * a flaw was found in the NFSv4 implementation. The kernel would do an unnecessary permission check after creating a file. This check would usually fail and leave the file with the permission bits set to random values. Note: This is a server-side only issue. (CVE-2009-3286, Important) * a NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation. (CVE-2009-3547, Important) * a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. pci_unmap_single() presented a memory leak that could lead to IOMMU space exhaustion and a system crash. An attacker on the local network could abuse this flaw by using jumbo frames for large amounts of network traffic. (CVE-2009-3613, Important) * missing initialization flaws were found in the Linux kernel. Padding data in several core network structures was not initialized properly before being sent to user-space. These flaws could lead to information leaks. (CVE-2009-3228, Moderate) Bug fixes: * with network bonding in the &quot balance-tlb&quot or &quot balance-alb&quot mode, the primary setting for the primary slave device was lost when said device was brought down. Bringing the slave back up did not restore the primary setting. (BZ#517971) * some faulty serial device hardware caused systems running the kernel-xen kernel to take a very long time to boot. (BZ#524153) * a caching bug in nfs_readdir() may have caused NFS clients to see duplicate files or not see all files in a directory. (BZ#526960) * the RHSA-2009:1243 update removed the mpt_msi_enable option, preventing certain scripts from running. This update adds the o ... Description truncated, for more information please check the Reference URL

kernel on CentOS 5

• http://lists.centos.org/pipermail/centos-announce/2009-November/016304.html

---

Updated on 2015-03-25