Solution
Please install the updated packages.
Insight
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
* a NULL pointer dereference flaw was found in the Linux kernel NFSv4 implementation. Several of the NFSv4 file locking functions failed to check whether a file had been opened on the server before performing locking operations on it. A local, unprivileged user on a system with an NFSv4 share mounted could possibly use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2009-3726, Important)
* a flaw was found in the sctp_process_unk_param() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially-crafted SCTP packet to an SCTP listening port on a target system, causing a kernel panic (denial of service). (CVE-2010-1173, Important)
* a race condition between finding a keyring by name and destroying a freed keyring was found in the Linux kernel key management facility. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2010-1437, Important)
Red Hat would like to thank Simon Vallet for responsibly reporting CVE-2009-3726, and Jukka Taimisto and Olli Jarva of Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of their customer, for responsibly reporting CVE-2010-1173.
Bug fixes:
* RHBA-2007:0791 introduced a regression in the Journaling Block Device (JBD). Under certain circumstances, removing a large file (such as 300 MB or more) did not result in inactive memory being freed, leading to the system having a large amount of inactive memory. Now, the memory is correctly freed. (BZ#589155)
* the timer_interrupt() routine did not scale lost real ticks to logical ticks correctly, possibly causing time drift for 64-bit Red Hat Enterprise Linux 4 KVM (Kernel-based Virtual Machine) guests that were booted with the "divider=x" kernel parameter set to a value greater than 1. "warning: many lost ticks" messages may have been logged on the affected guest systems. (BZ#590551)
* a bug could have prevented NFSv3 clients from having the most up-to-date file attributes for files on a given NFSv3 file system. In cases where a file type changed, such as if a file was removed and replaced with a directory of the same name, the NFSv3 client may not have noticed this change until stat(2) was called (for example, by running "ls -l"). (BZ#596372)
* RHBA-2007:0791 introduced bugs in the Li ...
Description truncated, for more information please check the Reference URL
Affected
kernel on CentOS 4
References
Updated on 2015-03-25
Severity
Classification
CVE CVE-2009-3726, CVE-2010-1173, CVE-2010-1437
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities