Please Install the Updated Packages.

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Information leak flaws were found in the Linux kernel Traffic Control Unit implementation. A local attacker could use these flaws to cause the kernel to leak kernel memory to user-space, possibly leading to the disclosure of sensitive information. (CVE-2010-2942, Moderate) * A flaw was found in the tcf_act_police_dump() function in the Linux kernel network traffic policing implementation. A data structure in tcf_act_police_dump() was not initialized properly before being copied to user-space. A local, unprivileged user could use this flaw to cause an information leak. (CVE-2010-3477, Moderate) * A missing upper bound integer check was found in the sys_io_submit() function in the Linux kernel asynchronous I/O implementation. A local, unprivileged user could use this flaw to cause an information leak. (CVE-2010-3067, Low) Red Hat would like to thank Tavis Ormandy for reporting CVE-2010-3067. This update also fixes the following bugs: * When two systems using bonding devices in the adaptive load balancing (ALB) mode communicated with each other, an endless loop of ARP replies started between these two systems due to a faulty MAC address update. With this update, the MAC address update no longer creates unneeded ARP replies. (BZ#629239) * When running the Connectathon NFS Testsuite with certain clients and Red Hat Enterprise Linux 4.8 as the server, nfsvers4, lock, and test2 failed the Connectathon test. (BZ#625535) * For UDP/UNIX domain sockets, due to insufficient memory barriers in the network code, a process sleeping in select() may have missed notifications about new data. In rare cases, this bug may have caused a process to sleep forever. (BZ#640117) * In certain situations, a bug found in either the HTB or TBF network packet schedulers in the Linux kernel could have caused a kernel panic when using Broadcom network cards with the bnx2 driver. (BZ#624363) * Previously, allocating fallback cqr for DASD reserve/release IOCTLs failed because it used the memory pool of the respective device. This update preallocates sufficient memory for a single reserve/release request. (BZ#626828) * In some situations a bug prevented &quot force online&quot succeeding for a DASD device. (BZ#626827) * Using the &quot fsstress&quot utility may have caused a kernel panic. (BZ#633968) * This update introduces additional stack guard patches. (BZ#632515) * ... Description truncated, for more information please check the Reference URL

kernel on CentOS 4

• http://lists.centos.org/pipermail/centos-announce/2010-October/017107.html

---

Updated on 2015-03-25