According to the kernel bug fix advisory, two security flaws have been discovered and patched in the Linux kernel 2.6.18 packages. The first one is related to the incorrect setting of a utrace flag, which caused the kernel to no longer handle the NULL pointer reference in the utrace_unsafe_exec() function, leading to a system crash. The second vulnerability is about a delay in the reset execution of newly changed firmware.
“Updated kernel packages that fix two bugs are now available for Red Hat Enterprise Linux 5. The kernel packages contain the Linux kernel, the core of any Linux operating system. […] Users of kernel are advised to upgrade to these updated packages, which fix these bugs. The system must be rebooted for this update to take effect,” reads the announcement.
Submitted by: Arnfried Walbrecht