Synopsis: Important: kernel security update Advisory ID: SLSA-2016:0450-1 Issue Date: 2016-03-15 CVE Numbers: CVE-2013-2596 CVE-2015-2151 -- * An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. (CVE-2013-2596, Important) * It was found that the Xen hypervisor x86 CPU emulator implementation did not correctly handle certain instructions with segment overrides, potentially resulting in a memory corruption. A malicious guest user could use this flaw to read arbitrary data relating to other guests, cause a denial of service on the host, or potentially escalate their privileges on the host. (CVE-2015-2151, Important) This update also fixes the following bugs: * Previously, the CPU power of a CPU group could be zero. As a consequence, a kernel panic occurred at "find_busiest_group+570" with do_divide_error. The provided patch ensures that the division is only performed if the CPU power is not zero, and the aforementioned panic no longer occurs. * Prior to this update, a bug occurred when performing an online resize of an ext4 file system which had been previously converted from ext3. As a consequence, the kernel crashed. The provided patch fixes online resizing for such file systems by limiting the blockgroup search loop for non- extent files, and the mentioned kernel crash no longer occurs. The system must be rebooted for this update to take effect. -- SL5 x86_64 kernel-2.6.18-409.el5.x86_64.rpm kernel-debug-2.6.18-409.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-409.el5.x86_64.rpm kernel-debug-devel-2.6.18-409.el5.x86_64.rpm kernel-debuginfo-2.6.18-409.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-409.el5.x86_64.rpm kernel-devel-2.6.18-409.el5.x86_64.rpm kernel-headers-2.6.18-409.el5.x86_64.rpm kernel-xen-2.6.18-409.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-409.el5.x86_64.rpm kernel-xen-devel-2.6.18-409.el5.x86_64.rpm i386 kernel-2.6.18-409.el5.i686.rpm kernel-PAE-2.6.18-409.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-409.el5.i686.rpm kernel-PAE-devel-2.6.18-409.el5.i686.rpm kernel-debug-2.6.18-409.el5.i686.rpm kernel-debug-debuginfo-2.6.18-409.el5.i686.rpm kernel-debug-devel-2.6.18-409.el5.i686.rpm kernel-debuginfo-2.6.18-409.el5.i686.rpm kernel-debuginfo-common-2.6.18-409.el5.i686.rpm kernel-devel-2.6.18-409.el5.i686.rpm kernel-headers-2.6.18-409.el5.i386.rpm kernel-xen-2.6.18-409.el5.i686.rpm kernel-xen-debuginfo-2.6.18-409.el5.i686.rpm kernel-xen-devel-2.6.18-409.el5.i686.rpm noarch kernel-doc-2.6.18-409.el5.noarch.rpm - Scientific Linux Development Team