Updated kernel packages for Red Hat Linux 6.2 and 7.0 are now available that fix several security vulnerabilities.
The Linux kernel handles the basic functions of the operating system. A bug in the kernel module loader code allows a local user to gain root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0127 to this issue. Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0001 to this issue. The Linux 2.2 kernel allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1380 to this issue. All users of Red Hat Linux 6.2 and 7 should upgrade to these errata packages, which contain version 2.2.24 of the Linux kernel with patches and are not vulnerable to these issues.