CentOS 6 ELS: kernel gradual rollout completed

A new CentOS 6 kernel within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production repository.

CHANGELOG

kernel-2.6.32-754.35.8.el6

• ELSCVE-666: CVE-2021-34693: can: bcm: fix infoleak in struct bcm_msg_head
• ELSCVE-705: CVE-2021-38160: virtio_console: Assure used length from device is limited
• ELSCVE-769: CVE-2014-4508: x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)
• ELSCVE-844: CVE-2021-3573: Bluetooth: use correct lock to prevent UAF of hdev object
• ELSCVE-503: CVE-2021-32399: bluetooth: eliminate the potential race condition when removing the HCI controller
• ELSCVE-451: CVE-2021-37159: hso: fix a use after free condition
• ELSCVE-387: CVE-2021-38205: net: xilinx_emaclite: Do not print real IOMEM pointer
• ELSCVE-547: CVE-2021-3178: nfsd4: readdirplus shouldn’t return parent of export
• ELSCVE-547: nfsd: fix compose_entry_fh() failure exits
• ELSCVE-547: nfsd: make local functions static
• ELSCVE-682: CVE-2021-20265: af_unix: fix struct pid memory leak
• ELSCVE-531: CVE-2021-20292: drm/ttm/nouveau: don’t call tt destroy callback on alloc failure.
• ELSCVE-543: CVE-2021-28972: PCI: rpadlpar: Fix potential drc_name corruption in store functions
• ELSCVE-575: CVE-2021-3612: Input: joydev – prevent use of not validated data in JSIOCSBTNMAP ioctl
• ELSCVE-575: Input: joydev – prevent potential read overflow in ioctl
• ELSCVE-575: Input: joydev – fix possible ERR_PTR() dereferencing
• ELSCVE-575: Input: joydev – use memdup_user() to duplicate memory from user-space

UPDATE COMMAND

yum update kernel-*