RHSA-2015:1623: Important: kernel security and bug fix update

First published: Thu Aug 13 2015(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br>Two flaws were found in the way the Linux kernel's networking<br>implementation handled UDP packets with incorrect checksum values. A remote<br>attacker could potentially use these flaws to trigger an infinite loop in<br>the kernel, resulting in a denial of service on the system, or cause a<br>denial of service in applications using the edge triggered epoll<br>functionality. (CVE-2015-5364, CVE-2015-5366, Important)<br>This update also fixes the following bugs:<br><li> When removing a directory, and a reference was held to that directory by</li> a reference to a negative child dentry, the directory dentry was previously<br>not killed. In addition, once the negative child dentry was killed, an<br>unlinked and unused dentry was present in the cache. As a consequence,<br>deadlock could be caused by forcing the dentry eviction while the file<br>system in question was frozen. With this update, all unused dentries are<br>unhashed and evicted just after a successful directory removal, which<br>avoids the deadlock, and the system no longer hangs in the aforementioned<br>scenario. (BZ#1243400)<br><li> Due to the broken s_umount lock ordering, a race condition occurred when</li> an unlinked file was closed and the sync (or syncfs) utility was run at the<br>same time. As a consequence, deadlock occurred on a frozen file system<br>between sync and a process trying to unfreeze the file system. With this<br>update, sync (or syncfs) is skipped on a frozen file system, and deadlock<br>no longer occurs in the aforementioned situation. (BZ#1243404)<br><li> Previously, in the scenario when a file was opened by file handle</li> (fhandle) with its dentry not present in dcache ("cold dcache") and then<br>making use of the unlink() and close() functions, the inode was not freed<br>upon the close() system call. As a consequence, the iput() final was<br>delayed indefinitely. A patch has been provided to fix this bug, and the<br>inode is now freed as expected. (BZ#1243406)<br><li> Due to a corrupted Executable and Linkable Format (ELF) header in the</li> /proc/vmcore file, the kdump utility failed to provide any information.<br>The underlying source code has been patched, and kdump now provides<br>debuging information for kernel crashes as intended. (BZ#1245195)<br><li> Previously, running the multipath request queue caused regressions in</li> cases where paths failed regularly under I/O load. This regression<br>manifested as I/O stalls that exceeded 300 seconds. This update reverts the<br>changes aimed to reduce running the multipath request queue resulting in<br>I/O completing in a timely manner. (BZ#1246095)<br>All kernel users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues. The system must be<br>rebooted for this update to take effect.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2015:1623
• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness
• package-manager/redhat