20080906 kernel update - plembo/onemoretech GitHub Wiki

title: kernel update
link: https://onemoretech.wordpress.com/2008/09/06/kernel-update/
author: lembobro
description:
post_id: 457
created: 2008/09/06 19:45:58
created_gmt: 2008/09/06 19:45:58
comment_status: open
post_name: kernel-update
status: publish
post_type: post

kernel update

Just installed the latest kernel update for CentOS 5, available 08/06/2008:

kernel-2.6.18-92.1.10.el5

The upstream advisory (dated 08/04/2008) is here. The advisories from U.S. CERT and NIST are here and here and here. The links given are to the National Vulnerability Database (NVD) hosted at NIST.

The original release date from CERT for the earliest of these was May 2, with the later ones being from May 16 and July 9 of this year.

This kernel update includes a number of bug fixes beyond the security issues noted above. Regarding security specifically, the Red Hat advisory states:

  • a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2136, Important)

  • a flaw was found in the Linux kernel setrlimit system call, when setting RLIMIT_CPU to a certain value. This could allow a local unprivileged user to bypass the CPU time limit. (CVE-2008-1294, Moderate)

  • multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate)

The upgrade completed without incident. For the two machines with NVIDIA graphics, I took the opportunity to install the latest proprietary driver package. The same machines also run VMware Server, requiring me to run vmware-config.pl once the new kernel was in place.

Copyright 2004-2019 Phil Lembo