| Description: | The kernel packages contain the Linux kernel, the core of any Linuxoperating system.* It was found that Linux kernel's ptrace subsystem did not properlysanitize the address-space-control bits when the program-status word (PSW)was being set. On IBM S/390 systems, a local, unprivileged user could usethis flaw to set address-space-control bits to the kernel space, and thusgain read and write access to kernel memory. (CVE-2014-3534, Important)* It was found that the permission checks performed by the Linux kernelwhen a netlink message was received were not sufficient. A local,unprivileged user could potentially bypass these restrictions by passing anetlink socket as stdout or stderr to a more privileged process andaltering the output of this process. (CVE-2014-0181, Moderate)* It was found that a remote attacker could use a race condition flaw inthe ath_tx_aggr_sleep() function to crash the system by creating largenetwork traffic on the system's Atheros 9k wireless network adapter.(CVE-2014-2672, Moderate)* A flaw was found in the way the Linux kernel performed forking inside ofa transaction. A local, unprivileged user on a PowerPC system that supportstransactional memory could use this flaw to crash the system.(CVE-2014-2673, Moderate)* A race condition flaw was found in the way the Linux kernel's mac80211subsystem implementation handled synchronization between TX and STA wake-upcode paths. A remote attacker could use this flaw to crash the system.(CVE-2014-2706, Moderate)* An integer underflow flaw was found in the way the Linux kernel's StreamControl Transmission Protocol (SCTP) implementation processed certainCOOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remoteattacker could use this flaw to prevent legitimate connections to aparticular SCTP server socket to be made. (CVE-2014-4667, Moderate)Red Hat would like to thank Martin Schwidefsky of IBM for reportingCVE-2014-3534, Andy Lutomirski for reporting CVE-2014-0181, and Gopal ReddyKodudula of Nokia Siemens Networks for reporting CVE-2014-4667.This update also fixes the following bugs:* Due to a NULL pointer dereference bug in the IPIP and SIT tunneling code,a kernel panic could be triggered when using IPIP or SIT tunnels withIPsec. This update restructures the related code to avoid a NULL pointerdereference and the kernel no longer panics when using IPIP or SIT tunnelswith IPsec. (BZ#1114957)* Previously, an IBM POWER8 system could terminate unexpectedly when thekernel received an IRQ while handling a transactional memory re-checkpointcritical section. This update ensures that IRQs are disabled in thissituation and the problem no longer occurs. (BZ#1113150)* A missing read memory barrier, rmb(), in the bnx2x driver caused thekernel to crash under various circumstances. This problem has been fixedby adding an rmb() call to the relevant place in the bnx2x code.(BZ#1107721)* The hpwdt driver previously emitted a panic message that was misleadingon certain HP systems. This update ensures that upon a kernel panic, hpwdtdisplays information valid on all HP systems. (BZ#1096961)* The qla2xxx driver has been upgraded to version 8.06.00.08.07.0-k3,which provides a number of bug fixes over the previous version in order tocorrect various timeout problems with the mailbox commands. (BZ#1112389)* The SCSI mid-layer could retry an I/O operation indefinitely if a storagearray repeatedly returned a CHECK CONDITION status to that I/O operationbut the sense data was invalid. This update fixes the problem by limitinga time for which is such an I/O operation retried. (BZ#1114468)All kernel users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues. The system must berebooted for this update to take effect. |