EGI SVG Advisories

EGI CSIRT ADVISORY [EGI-ADV-20100930]

Title: RHEL4 patch for CVE-2010-3081 kernel vulnerability
Date: September 30, 2010
URL: https://advisories.egi.eu/CSIRT_Alerts/kernel-2010-09-30

The recently discussed vulnerability CVE-2010-3081 has been fixed also in
RHEL4 and its derivates (SL4/SLC4/CentOS4). We ask you please update all
your vulnerable kernels as soon as possible, mainly those where users have
access to (namely compute nodes, UI etc).

Although EGI CSIRT is not aware of any public exploit running on the RHEL4
family and thus will NOT enforce the 7-day mandatory patching policy, EGI
CSIRT STRONGLY recommends sites to perform the update as soon as possible.
EGI CSIRT will continue monitoring the situation. Should circumstance change
we might re-enforce the 7-day mandatory patching policy at any time.

References:

SLC4:
http://linux.web.cern.ch/linux/updates/updates-slc4.shtml#30.09.2010

SL4:
http://listserv.fnal.gov/scripts/wa.exe?A2=ind1009&L=scientific-linux-errata&T=0&P=2161

RedHat: https://rhn.redhat.com/errata/RHSA-2010-0718.html

CentOS:
http://lists.centos.org/pipermail/centos-announce/2010-September/017029.html

General information: https://access.redhat.com/kb/docs/DOC-40265