First published: Thu Apr 24 2014
The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled TCP packets with both the SYN and FIN flags set. A remote attacker could use this flaw to consume an excessive amount of resources on the target system, potentially resulting in a denial of service. (CVE-2012-6638, Moderate)
* A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2888, Moderate)

This update also fixes the following bugs:

* A previous change to the sunrpc code introduced a race condition between the rpc_wake_up_task() and rpc_wake_up_status() functions. A race between threads operating on these functions could result in a deadlock situation, subsequently triggering a "soft lockup" event and rendering the system unresponsive. This problem has been fixed by re-ordering tasks in the RPC wait queue. (BZ#1073731)
* Running a process in the background on a GFS2 file system could sometimes trigger a glock recursion error that resulted in a kernel panic. This happened when a readpage operation attempted to take a glock that had already been held by another function. To prevent this error, GFS2 now verifies whether the glock is already held when performing the readpage operation. (BZ#1073953)
* A previous patch backport to the IUCV (Inter User Communication Vehicle) code was incomplete. Consequently, when establishing an IUCV connection, the kernel could, under certain circumstances, dereference a NULL pointer, resulting in a kernel panic. A patch has been applied to correct this problem by calling the proper function when removing IUCV paths. (BZ#1077045)

In addition, this update adds the following enhancement:

* The lpfc driver had a fixed timeout of 60 seconds for SCSI task management commands. With this update, the lpfc driver enables the user to set this timeout within the range from 5 to 180 seconds. The timeout can be changed by modifying the "lpfc_task_mgmt_tmo" parameter for the lpfc driver. (BZ#1073123)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. The system must be rebooted for this update to take effect.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
redhat/kernel-debug | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
redhat/kernel-debug-debuginfo | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
redhat/kernel-debug-devel | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
redhat/kernel-debuginfo | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
redhat/kernel-debuginfo-common | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
redhat/kernel-devel | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
redhat/kernel-doc | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
redhat/kernel-headers | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
redhat/kernel-xen | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
redhat/kernel-xen-debuginfo | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
redhat/kernel-xen-devel | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
redhat/kernel-kdump | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
redhat/kernel-kdump-debuginfo | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
redhat/kernel-kdump-devel | <2.6.18-371.8.1.el5 | 2.6.18-371.8.1.el5 |
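
Because the update only takes effect after a reboot, a host can have the fixed package installed while still running an affected kernel. The following added example (not part of the advisory or of any Red Hat tooling) compares collected `uname -r` strings against the fixed version from the table using a simplified rpm-style version comparison. The host names, the sample inventory and the variant suffixes stripped from the release string are assumptions.

```python
import re

FIXED = "2.6.18-371.8.1.el5"  # fixed version from the advisory's table

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are skipped
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm-style comparison (no tilde/caret): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_kernel(release):
    """Split a `uname -r` string into (version, release), dropping the
    kernel-variant suffix (assumed forms: el5xen, el5PAE, el5debug, el5kdump)."""
    release = re.sub(r"(?<=el5)(xen|PAE|debug|kdump)$", "", release)
    version, _, rel = release.partition("-")
    return version, rel

def is_patched(running, fixed=FIXED):
    """True when the running kernel is at or above the fixed build."""
    (rv, rr), (fv, fr) = split_kernel(running), split_kernel(fixed)
    return (rpmvercmp(rv, fv) or rpmvercmp(rr, fr)) >= 0

def needs_action(inventory):
    """Return hosts whose *running* kernel is older than the fixed build."""
    return sorted(h for h, rel in inventory.items() if not is_patched(rel))

# Constructed inventory: hostname -> output of `uname -r` collected from it
SAMPLE = {
    "web01": "2.6.18-371.el5",
    "web02": "2.6.18-371.6.1.el5xen",
    "db01": "2.6.18-371.8.1.el5",
    "db02": "2.6.18-398.el5PAE",
}

if __name__ == "__main__":
    print(needs_action(SAMPLE))
```

Hosts reported here need either the package update or, if it is already installed, the reboot the advisory calls for.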