Synopsis: Moderate: kernel security, bug fix, and enhancement update Advisory ID: SLSA-2014:0433-1 Issue Date: 2014-04-24 CVE Numbers: CVE-2013-2888 CVE-2012-6638 -- * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled TCP packets with both the SYN and FIN flags set. A remote attacker could use this flaw to consume an excessive amount of resources on the target system, potentially resulting in a denial of service. (CVE-2012-6638, Moderate) * A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2888, Moderate) This update also fixes the following bugs: * A previous change to the sunrpc code introduced a race condition between the rpc_wake_up_task() and rpc_wake_up_status() functions. A race between threads operating on these functions could result in a deadlock situation, subsequently triggering a "soft lockup" event and rendering the system unresponsive. This problem has been fixed by re-ordering tasks in the RPC wait queue. * Running a process in the background on a GFS2 file system could sometimes trigger a glock recursion error that resulted in a kernel panic. This happened when a readpage operation attempted to take a glock that had already been held by another function. To prevent this error, GFS2 now verifies whether the glock is already held when performing the readpage operation. * A previous patch backport to the IUCV (Inter User Communication Vehicle) code was incomplete. Consequently, when establishing an IUCV connection, the kernel could, under certain circumstances, dereference a NULL pointer, resulting in a kernel panic. A patch has been applied to correct this problem by calling the proper function when removing IUCV paths. In addition, this update adds the following enhancement: * The lpfc driver had a fixed timeout of 60 seconds for SCSI task management commands. With this update, the lpfc driver enables the user to set this timeout within the range from 5 to 180 seconds. The timeout can be changed by modifying the "lpfc_task_mgmt_tmo" parameter for the lpfc driver. The system must be rebooted for this update to take effect. -- SL5 x86_64 kernel-2.6.18-371.8.1.el5.x86_64.rpm kernel-debug-2.6.18-371.8.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-371.8.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-371.8.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-371.8.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-371.8.1.el5.x86_64.rpm kernel-devel-2.6.18-371.8.1.el5.x86_64.rpm kernel-headers-2.6.18-371.8.1.el5.x86_64.rpm kernel-xen-2.6.18-371.8.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-371.8.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-371.8.1.el5.x86_64.rpm i386 kernel-2.6.18-371.8.1.el5.i686.rpm kernel-PAE-2.6.18-371.8.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-371.8.1.el5.i686.rpm kernel-PAE-devel-2.6.18-371.8.1.el5.i686.rpm kernel-debug-2.6.18-371.8.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-371.8.1.el5.i686.rpm kernel-debug-devel-2.6.18-371.8.1.el5.i686.rpm kernel-debuginfo-2.6.18-371.8.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-371.8.1.el5.i686.rpm kernel-devel-2.6.18-371.8.1.el5.i686.rpm kernel-headers-2.6.18-371.8.1.el5.i386.rpm kernel-xen-2.6.18-371.8.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-371.8.1.el5.i686.rpm kernel-xen-devel-2.6.18-371.8.1.el5.i686.rpm noarch kernel-doc-2.6.18-371.8.1.el5.noarch.rpm - Scientific Linux Development Team