An update for kernel is now available for Red Hat Enterprise Linux 6.4 AdvancedUpdate Support.Red Hat Product Security has rated this update as having a security impact ofImportant.

A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operatingsystem.Security Fix(es):* Two flaws were found in the way the Linux kernel’s networking implementationhandled UDP packets with incorrect checksum values.

A remote attacker couldpotentially use these flaws to trigger an infinite loop in the kernel, resultingin a denial of service on the system, or cause a denial of service inapplications using the edge triggered epoll functionality. (CVE-2015-5364,CVE-2015-5366, Important)Bug Fix(es):* Prior to this update, if processes that generate interrupts were active duringthe guest shutdown sequence, the virtio driver in some cases did not correctlyclear the interrupts.

As a consequence, the guest kernel became unresponsive,which prevented the shutdown from completing. With this update, the virtiodriver processes interrupts more effectively, and guests now shut down reliablyin the described scenario. (BZ#1323568)* At a process or thread exit, when the Linux kernel undoes any SysV semaphoreoperations done previously (the ones done using semop with the SEM_UNDO flag),there was a possible flaw and race with another process or thread removing thesame semaphore set where the operations occurred, leading to possible use ofin-kernel-freed memory and then to possible unpredictable behavior.

This bugcould be noticed with software which uses IPC SysV semaphores, such as IBM DB2,which for example in certain cases could lead to some of its processes orutilities to get incorrectly stalled in some IPC semaphore operation or syscallafter the race or problem happened.

A patch has been provided to fix this bug,and the kernel now behaves as expected in the aforementioned scenario.(BZ#1326341)
For details on how to apply this update, which includes the changes described inthis advisory, refer to:https://access.redhat.com/articles/11258The system must be rebooted for this update to take effect.Red Hat Enterprise Linux Server AUS (v. 6.4)

SRPMS:
kernel-2.6.32-358.71.1.el6.src.rpm
    MD5: 8f357f65378d60f7cc09b6b867ba13f7SHA-256: 4e2fc691c0c834aa5cf1c69862d2c6ec50af3b0b81ed1247784dd75b7942c25a
 
x86_64:
kernel-2.6.32-358.71.1.el6.x86_64.rpm
    MD5: 4cae83f883a25f4aed0e21f7a2d36283SHA-256: 39f3f4d0dd6c2062933e71bcf75274a8f7378f65b580dc1c5fb3bcd51551292d
kernel-debug-2.6.32-358.71.1.el6.x86_64.rpm
    MD5: 69d6d44caa4923fa62acb5228def9dadSHA-256: d903b6ba9ee2d83637868291bf3fef4489bd3d6b1a0cbf44c72a8fe3b5ee2561
kernel-debug-debuginfo-2.6.32-358.71.1.el6.x86_64.rpm
    MD5: d0401f57b3233925dd3846e78613b488SHA-256: 6a72741e05d69631fb98cf5b51bb7cf7e79858716eeb97a66bbffcf57c933ed9
kernel-debug-devel-2.6.32-358.71.1.el6.x86_64.rpm
    MD5: 14e7234471758eb0d396547feddae4a9SHA-256: ae3915e9bf3b1428955bcb8a9497cdc76e9c0d22c5690680378b2a8558d01504
kernel-debuginfo-2.6.32-358.71.1.el6.x86_64.rpm
    MD5: 317c9e75716d12de82514b17c6ea3e40SHA-256: 10802d0ac1fa9ddeecb9fd4f665680050967124da902be6797638341c770531d
kernel-debuginfo-common-x86_64-2.6.32-358.71.1.el6.x86_64.rpm
    MD5: 58b18fec3d8dca06a388e9af870b6831SHA-256: 5b3aa32aa37d82ec5f6462dcd6c972b86122c2905e34c8be13ac500acb0b82f5
kernel-devel-2.6.32-358.71.1.el6.x86_64.rpm
    MD5: 114a413b2a1e319a9ae4ee1cdf4f3b00SHA-256: 7fa904d0d52e31e9af1700f4ab37e5b82d2ed464717ca0153f810c3ed5644398
kernel-doc-2.6.32-358.71.1.el6.noarch.rpm
    MD5: 7b429c5f9b98c83ecba4a7f96aeb4091SHA-256: 697d507e2c59dfeaaa071a4ee9a0096f2ada4b66ff7ee2c6c1c6eb8e028c1ff0
kernel-firmware-2.6.32-358.71.1.el6.noarch.rpm
    MD5: 54c18c9e402bfae756f0586d4ccb87f4SHA-256: 46f0d0738beb9b06ab1c3f9b00a1abb4d998a6c19624a5af349d19646dd74386
kernel-headers-2.6.32-358.71.1.el6.x86_64.rpm
    MD5: 60ac7a6085aaf8791a7c5569494feeebSHA-256: 8077f4643e43ab86e7c14f1ea3191c0609ab0c60e8ace7923cca34ed9a540873
perf-2.6.32-358.71.1.el6.x86_64.rpm
    MD5: cbebac87d6a5e45a1a049222dcb0e4c0SHA-256: 32e01e9bcfa50f4eeca20bbc0746777fb1aad1889a863bb771635894c88d2009
perf-debuginfo-2.6.32-358.71.1.el6.x86_64.rpm
    MD5: b888c715ee1249adeee4b29ae6410c77SHA-256: 5cd8910877f862d75e212cdde987c3110a4081b7254c3e7e91368ab73eadf741
python-perf-2.6.32-358.71.1.el6.x86_64.rpm
    MD5: f3a6b8df06d838899dc1cedcc4fccf22SHA-256: c08991e35c8ae4f18594570896d1617cd1477166317c40d88b5547c7b1f3855b
python-perf-debuginfo-2.6.32-358.71.1.el6.x86_64.rpm
    MD5: 2194e65ac8da438c90d5b4425d310f6cSHA-256: d536965503b2d7c7198374022b1678b49dbe026245b5382f88e7f3f595ebe1f0
 
(The unlinked packages above are only available from the Red Hat Network)

1239029 – CVE-2015-5366 CVE-2015-5364 kernel: net: incorrect processing of checksums in UDP implementation

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: