Rapid7 Vulnerability & Exploit Database

CESA-2002:128: Updated kernel with information security fixes, bug fixes, and updated drivers

Back to Search

CESA-2002:128: Updated kernel with information security fixes, bug fixes, and updated drivers

Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
12/31/2002
Created
07/25/2018
Added
03/12/2010
Modified
07/04/2017

Description

This kernel update is available for CentOS Linux Advanced Server 2.1. It includes a fix for an information security bug, various kernel bug fixes, and updated device drivers. [2002-07-29] This release is a rebuild for adding exported symbols for Veritas.

This kernel fixes an information security bug. When running enterprise kernels previous to version 2.4.9-e.8, information in the Intel SSE XMM registers could "leak" between processes under certain circumstances. This update also includes fixes for the following bugs: - Creation of an Oracle SGA greater than 8 GB on 16 GB or greater machine when using bigpages and shmfs - Sendmail running out of flocks - Unreliable rebooting with the "reboot=bios" boot option - Potential memory corruption on systems with more than 4 GB - An AIO write deadlock - IOAPIC warnings on one platform - Potentially miscompiled code in xor.h (though kernel engineering research does not indicate that our compiler miscompiles this code) This kernel also has extra exported symbols removed. This new kernel also includes several updated device drivers. The aic7xxx_mod driver has been updated to a new version, fixing several bugs, the tg3 driver has also been updated to a new version to fix various bugs, and the qla2300 driver has some small bug fixes and has been updated to work with the QLogic 2340 HBA and PowerVault 660F arrays. Additions to the SCSI LUNs "white list" have also been made to support more fibre channel arrays. [2002-07-29] This new kernel is a rebuild for adding exported symbols for Veritas.

Solution(s)

  • centos-upgrade-kernel
  • centos-upgrade-kernel-boot
  • centos-upgrade-kernel-debug
  • centos-upgrade-kernel-doc
  • centos-upgrade-kernel-enterprise
  • centos-upgrade-kernel-headers
  • centos-upgrade-kernel-smp
  • centos-upgrade-kernel-source
  • centos-upgrade-kernel-summit

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;