CESA-2013:X018 Important Xen4CentOS kernel Security Update - announce

28 Dec 2013


      CentOS Errata and Security Advisory 2013:X018 (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-----------------------------
X86_64
-----------------------------
2ac8f3b6799eac04c6fc5fe054a68d00bdf914f173087a7802c9bce8b4366e48 e1000e-2.5.4-3.10.25.2.el6.centos.alt.x86_64.rpm
ac80d6e58bc9fd234b4baf3f51e35ef01a61ae592b0214cdc92af62565463e43 kernel-3.10.25-11.el6.centos.alt.x86_64.rpm
35cf6745c91e45cf90657baedde114f5e7911a59d8a0764d22f95c236462f3d8 kernel-devel-3.10.25-11.el6.centos.alt.x86_64.rpm
80af2fa6099081cf4ca7500551ab927a2f66fde7dbbfeac5fd9511f5c134b943 kernel-doc-3.10.25-11.el6.centos.alt.noarch.rpm
4b1695185de72f03cb530b29baf5fede27601ddd710b00f62e3978e8273417ac kernel-firmware-3.10.25-11.el6.centos.alt.noarch.rpm
be1d1b7b7dd9100859bac1eb4bb6441eb206478aa0a36912dd83b760984ebd1f kernel-headers-3.10.25-11.el6.centos.alt.x86_64.rpm
e237b1dbbd40285da0a616679adc6674eb6e6f86855e857b886b66cc402a4fab perf-3.10.25-11.el6.centos.alt.x86_64.rpm
-----------------------------
Source:
-----------------------------
6babccc82261cf25110059cdc8e0365e8a2fa085a0009501ed24fee15760 e1000e-2.5.4-3.10.25.2.el6.centos.alt.src.rpm
3197faef868a5637acef74b626723ff75eaa4fc5082a8c79165178418c683c54 kernel-3.10.25-11.el6.centos.alt.src.rpm
=====================================================
Kernel Changelog info from the SPEC file:
* Sat Dec 27 2013 Johnny Hughes johnny@centos.org 3.10.25-11
- addresses CVE-2013-4587, CVE-2013-6367, CVE-2013-6368, CVE-2013-6376
e1000e Changelog info from the SPEC file:
* Fri Dec 27 2013 Johnny Hughes johnny@centos.org - 2.5.4-3.10.25.2.el6.centos.alt
- build against version 3.10.25 kernel
=====================================================
The following kernel changelogs are available from kernel.org since the previous kernel:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.25
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.24
=====================================================
The following security issues are addressed in this update:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4587
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6367
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6368
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6376
=====================================================
NOTE: You must run /usr/bin/grub-bootxen.sh to update the file
      /boot/grub/grub.conf (or you must update that file manually)
      to boot the new kernel on a dom0 xen machine.  See for info:
      http://wiki.centos.org/HowTos/Xen/Xen4QuickStart
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net