CESA-2010:0606 -- centos 4 x86_64 kernel
ID: oval:org.secpod.oval:def:201779 | Date: (C)2012-01-31 (M)2024-01-02 |
Class: PATCH | Family: unix |
The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw was found in the CIFSSMBWrite function in the Linux kernel Common Internet File System implementation. A remote attacker could send a specially-crafted SMB response packet to a target CIFS client, resulting in a kernel panic.
* Buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation for the Network File System version 4. An attacker on the local network could send a specially-crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic or, potentially, code execution.

This update also fixes the following bug:

* The rpc_call_async function in the SUN Remote Procedure Call subsystem in the Linux kernel had a reference counting bug. In certain situations, some Network Lock Manager messages may have triggered this bug on NFSv2 and NFSv3 servers, leading to a kernel panic.

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.