[merlin]

The Linux kernel handles the basic functions of the operating system.

A bug in the kernel module loader code allows a local user to gain root
privileges. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0127 to this issue.

Multiple ethernet Network Interface Card (NIC) device drivers do not pad
frames with null bytes, which allows remote attackers to obtain information
from previous packets or kernel memory by using malformed packets. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0001 to this issue.

The Linux 2.2 kernel allows local users to cause a denial of service
(crash) by using the mmap() function with a PROT_READ parameter to access
non-readable memory pages through the /proc/pid/mem interface. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2002-1380 to this issue.

All users of Red Hat Linux 6.2 and 7 should upgrade to these errata
packages, which contain version 2.2.24 of the Linux kernel with patches and
are not vulnerable to these issues.


For howto and kernel upgrades click here