CentOS Linux Kernel Update 2.6.32-431.1.2 Released

IMPORTANT: This kernel version has a bug which may prevent your system from booting, due to an unsigned kernel module. If you have this kernel installed, please ensure that you update to 2.6.32-431.1.2.0.1 before rebooting. More info: http://bugs.centos.org/view.php?id=6831

CentOS Linux kernel 2.6.32-431.1.2 has just been released.

Update type(s): security, bug fix and enhancement

CVEs:

CVE-2013-2141
CVE-2013-4470
CVE-2013-6367
CVE-2013-6368

* A flaw was found in the way the Linux kernel’s TCP/IP protocol suite
implementation handled sending of certain UDP packets over sockets that
used the UDP_CORK option when the UDP Fragmentation Offload (UFO) feature
was enabled on the output device. A local, unprivileged user could use this
flaw to cause a denial of service or, potentially, escalate their
privileges on the system. (CVE-2013-4470, Important)

* A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM’s
Local Advanced Programmable Interrupt Controller (LAPIC) implementation.
A privileged guest user could use this flaw to crash the host.
(CVE-2013-6367, Important)

* A memory corruption flaw was discovered in the way KVM handled virtual
APIC accesses that crossed a page boundary. A local, unprivileged user
could use this flaw to crash the system or, potentially, escalate their
privileges on the system. (CVE-2013-6368, Important)

* An information leak flaw in the Linux kernel could allow a local,
unprivileged user to leak kernel memory to user space. (CVE-2013-2141, Low)

Full details can be found here.

Updating the Kernel

You can either initiate a full yum update:

yum update

Alternatively, just update the kernel packages:

yum update "kernel-*"

As this has just been released, your preferred CentOS yum mirror may not have the update yet. In this case. you may need to wait a few hours for the update to become available. Cached repo data can also prevent new updates from being found. To clear your yum cache, run: