| Description: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the CESA-2019:0717 advisory.
Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: Missing check in fs/inode.c:inode_init_owner() does not clear
SGID bit on non-directories for non-members (CVE-2018-13405)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* sched/sysctl: Check user input value of sysctl_sched_time_avg
(BZ#1579128)
* unable to handle kernel NULL pointer dereference at 000000000000005d in
tcp_enter_frto+0x102 (BZ#1585892)
* qla2xxx: Mask Off Scope bits for Retry delay timer in the driver
(BZ#1588133)
* [PATCH] perf: Fix a race between ring_buffer_detach() and
ring_buffer_wakeup() (BZ#1589340)
* RHEL6.10 - kernel: improve spectre mitigation for s390x (BZ#1625381)
* kernel panic due to NULL pointer dereference in __wake_up_common through
perf_event_wakeup (BZ#1627672)
* After upgrading from rhel 6.9 to rhel 6.10, files in a cifs share can't
be read (BZ#1636484)
* Retpoline impact on vdso gettimeofday performance (BZ#1638552)
* [RHEL 6.10] 32-bit kernel-2.6.32-754.3.5 registers the swap of 4k size
only (BZ#1670328)
Affected Software/OS:
'kernel' package(s) on CentOS 6.
Solution:
Please install the updated package(s).
CVSS Score:
4.6
CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
