Description: | The kernel packages contain the Linux kernel, the core of any Linux operating system.
A flaw was found in the way the Linux kernel's VFS subsystem handled file system locks. A local, unprivileged user could use this flaw to trigger a deadlock in the kernel, causing a denial of service on the system. (CVE-2014-8559, Moderate)
A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system. (CVE-2015-5156, Moderate)
The CVE-2015-5156 issue was discovered by Jason Wang of Red Hat.
The kernel-rt packages have been upgraded to version 3.10.0-229.20.1, which provides a number of bug fixes and enhancements over the previous version, including:
Unexpected completion is detected on Intel Ethernet x540
Divide by zero error in intel_pstate_timer_func() [ inline s64 div_s64_rem() ]
NFS Recover from stateid-type error on SETATTR
pNFS RHEL 7.1 Data Server connection remains after umount due to lseg refcount leak
Race during NFS v4.0 recovery and standard IO.
Fix ip6t_SYNPROXY for namespaces and connection delay
synproxy window size and sequence number behaviour causes long connection delay
Crash in kmem_cache_alloc() during disk stress testing (using ipr)
xfs: sync/backport to upstream v4.1
iscsi_session recovery_tmo revert back to default when a path becomes active
read from MD raid1 can fail if read from resync target fails
backport scsi-mq
unable to handle kernel paging request at 0000000000237037 [zswap]
(BZ#1266915)
All kernel-rt users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.
|