Synopsis: Moderate: kernel security, bug fix, and enhancement update
Issue date: 2011-02-22
CVE Names: CVE-2010-4165 CVE-2010-4169 CVE-2010-4243

This update fixes the following security issues:

* A divide-by-zero flaw was found in the tcp_select_initial_window() function in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to trigger a denial of service by calling setsockopt() with certain options. (CVE-2010-4165, Moderate)

* A use-after-free flaw in the mprotect() system call in the Linux kernel could allow a local, unprivileged user to cause a local denial of service. (CVE-2010-4169, Moderate)

* A flaw was found in the Linux kernel execve() system call implementation. A local, unprivileged user could cause large amounts of memory to be allocated but not visible to the OOM (Out of Memory) killer, triggering a denial of service. (CVE-2010-4243, Moderate)

This update also fixes several bugs and adds two enhancements.

The system must be rebooted for this update to take effect.

SL 6.x

SRPMS:
kernel-2.6.32-71.18.1.el6.src.rpm

i386:
kernel-2.6.32-71.18.1.el6.i686.rpm
kernel-debug-2.6.32-71.18.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.18.1.el6.i686.rpm
kernel-devel-2.6.32-71.18.1.el6.i686.rpm
kernel-doc-2.6.32-71.18.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.18.1.el6.noarch.rpm
kernel-headers-2.6.32-71.18.1.el6.i686.rpm
perf-2.6.32-71.18.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.18.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.18.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.18.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.18.1.el6.x86_64.rpm
kernel-doc-2.6.32-71.18.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.18.1.el6.noarch.rpm
kernel-headers-2.6.32-71.18.1.el6.x86_64.rpm
perf-2.6.32-71.18.1.el6.noarch.rpm

-Connie Sieh
-Troy Dawson
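
Because the fix only takes effect after a reboot, a host can have the fixed package installed while still running an older kernel. The following check is an added example, not part of the original advisory: it classifies a host against the fixed build 2.6.32-71.18.1.el6. The function names, the simplified numeric comparison (not RPM's own algorithm), and every sample release string other than the fixed one are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an SL 6 host against the fixed kernel build.
FIXED="2.6.32-71.18.1.el6"   # version-release taken from the advisory

# Compare two version strings numerically, field by field; prints -1, 0 or 1.
# Simplified stand-in for RPM's comparison; missing fields count as 0.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) { print -1; exit }
            if (x[i] + 0 > y[i] + 0) { print 1; exit }
        }
        print 0
    }'
}

# Prints fixed, outdated, or unknown (not an el6 kernel) for one release string.
kernel_status() {
    case "$1" in
        *.el6*) ;;
        *) echo unknown; return 0 ;;
    esac
    # Drop the dist tag and whatever follows it (arch, .debug variant).
    if [ "$(vercmp "${1%%.el6*}" "${FIXED%%.el6*}")" -lt 0 ]; then
        echo outdated
    else
        echo fixed
    fi
}

# host_state RUNNING [INSTALLED...]
# Prints ok, reboot-needed, update-needed or unknown.
host_state() {
    running=$1; shift
    case "$(kernel_status "$running")" in
        fixed) echo ok; return 0 ;;
        unknown) echo unknown; return 0 ;;
    esac
    for k in "$@"; do
        if [ "$(kernel_status "$k")" = fixed ]; then
            echo reboot-needed; return 0
        fi
    done
    echo update-needed
}

# On a real host:
#   host_state "$(uname -r)" $(rpm -q --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' kernel)
# Constructed sample: fixed kernel installed, older one still running.
host_state 2.6.32-71.el6.x86_64 2.6.32-71.el6.x86_64 2.6.32-71.18.1.el6.x86_64
```

A result of reboot-needed means the update is installed but the vulnerable kernel is still the one handling system calls.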