CESA-2009:1541 -- centos 4 i386 kernelID: oval:org.secpod.oval:def:200623 | Date: (C)2012-01-31 (M)2024-02-19 |
Class: PATCH | Family: unix |
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open, pipe_write_open, and pipe_rdwr_open. When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe"s reader and writer counters. This could lead to a local denial of service or privilege escalation. Users should upgrade to these updated packages, which contain a backported patch to correct these issues. The system must be rebooted for this update to take effect.