Difference between revisions of "EGI CSIRT:Alerts/kernel-2010-09-30"
Jump to navigation Jump to search
Revision as of 19:56, 30 September 2010
EGI CSIRT ADVISORY [EGI-ADV-20100930] Title: RHEL4 patch for CVE-2010-3081 kernel vulnerability Date: September 30, 2010 URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/kernel-2010-09-30 The recently discussed vulnerability CVE-2010-3081 has been fixed also in RHEL4 and its derivates (SL4/SLC4/CentOS4). We ask you please update all your vulnerable kernels as soon as possible, mainly those where users have access to (namely compute nodes, UI etc). Although EGI CSIRT is not aware of any public exploit running on the RHEL4 family and thus will NOT enforce the 7-day mandatory patching policy, EGI CSIRT STRONGLY recommends sites to perform the update as soon as possible. EGI CSIRT will continue monitoring the situation. Should circumstance change we might re-enforce the 7-day mandatory patching policy at any time. References: SLC4: http://linux.web.cern.ch/linux/updates/updates-slc4.shtml#30.09.2010 SL4: http://listserv.fnal.gov/scripts/wa.exe?A2=ind1009&L=scientific-linux-errata&T=0&P=2161 RedHat: https://rhn.redhat.com/errata/RHSA-2010-0718.html CentOS: http://lists.centos.org/pipermail/centos-announce/2010-September/017029.html General information: https://access.redhat.com/kb/docs/DOC-40265