I know it's not what linux admins are used to but remember to reboot your
machines after you ever install a new kernel as part of a yum update. This is
the only way of booting from that new kernel and getting the patches/protection
required.
I recently took ownership of a box the other day, the previous sysadmin had done
a great job keeping it patched however as he hadn't been rebooting for kernel
updates. The kernel he was running was VERY old and had a number of security
holes in it which had anyone gotten in would have easily elevated their
permissions to root. I know it's a pain but a simple reboot fixed this.
Dan