[CentOS-announce] CESA-2013:X018 Important Xen4CentOS kernel Security Update

Sat Dec 28 16:38:45 UTC 2013
Johnny Hughes <johnny at centos.org>

CentOS Errata and Security Advisory 2013:X018 (Xen4CentOS)

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

-----------------------------
X86_64
-----------------------------

2ac8f3b6799eac04c6fc5fe054a68d00bdf914f173087a7802c9bce8b4366e48 e1000e-2.5.4-3.10.25.2.el6.centos.alt.x86_64.rpm
ac80d6e58bc9fd234b4baf3f51e35ef01a61ae592b0214cdc92af62565463e43 kernel-3.10.25-11.el6.centos.alt.x86_64.rpm
35cf6745c91e45cf90657baedde114f5e7911a59d8a0764d22f95c236462f3d8 kernel-devel-3.10.25-11.el6.centos.alt.x86_64.rpm
80af2fa6099081cf4ca7500551ab927a2f66fde7dbbfeac5fd9511f5c134b943 kernel-doc-3.10.25-11.el6.centos.alt.noarch.rpm
4b1695185de72f03cb530b29baf5fede27601ddd710b00f62e3978e8273417ac kernel-firmware-3.10.25-11.el6.centos.alt.noarch.rpm
be1d1b7b7dd9100859bac1eb4bb6441eb206478aa0a36912dd83b760984ebd1f kernel-headers-3.10.25-11.el6.centos.alt.x86_64.rpm
e237b1dbbd40285da0a616679adc6674eb6e6f86855e857b886b66cc402a4fab perf-3.10.25-11.el6.centos.alt.x86_64.rpm

-----------------------------
Source:
-----------------------------

6babccc82261cf25110059cdc8e0365e8a2fa085a0009501ed24fee15760 e1000e-2.5.4-3.10.25.2.el6.centos.alt.src.rpm
3197faef868a5637acef74b626723ff75eaa4fc5082a8c79165178418c683c54 kernel-3.10.25-11.el6.centos.alt.src.rpm

=====================================================

Kernel Changelog info from the SPEC file:

* Sat Dec 27 2013 Johnny Hughes <johnny at centos.org> 3.10.25-11
- addresses CVE-2013-4587, CVE-2013-6367, CVE-2013-6368, CVE-2013-6376

e1000e Changelog info from the SPEC file:

* Fri Dec 27 2013 Johnny Hughes <johnny at centos.org> - 2.5.4-3.10.25.2.el6.centos.alt
- build against version 3.10.25 kernel

=====================================================

The following kernel changelogs are available from kernel.org since the previous kernel:

https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.25
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.24

=====================================================

The following security issues are addressed in this update:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4587
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6367
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6368
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6376

=====================================================

NOTE: You must run /usr/bin/grub-bootxen.sh to update the file
      /boot/grub/grub.conf (or you must update that file manually)
      to boot the new kernel on a dom0 xen machine.  See for info:
      http://wiki.centos.org/HowTos/Xen/Xen4QuickStart
 
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net