CentOS Project: CESA-2014:1143
Sep 04, 2014 - 7:18 a.m.

kernel security update

2014-09-04 07:18:06
CentOS Project
lists.centos.org

CVSS2: 3.3 Low (AV:L/AC:M/Au:N/C:P/I:N/A:P)

  Access Vector: LOCAL
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: NONE
  Availability Impact: PARTIAL

EPSS: 0.0004 Low (Percentile: 5.3%)

CentOS Errata and Security Advisory CESA-2014:1143

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

  • An out-of-bounds memory access flaw was found in the Linux kernel’s
    system call auditing implementation. On a system with existing audit rules
    defined, a local, unprivileged user could use this flaw to leak kernel
    memory to user space or, potentially, crash the system. (CVE-2014-3917,
    Moderate)

This update also fixes the following bugs:

  • A bug in the journaling code (jbd and jbd2) could, under very heavy
    workload of fsync() operations, trigger a BUG_ON and result in a kernel
    oops. Also, fdatasync() could fail to immediately write out changes that
    affected only the file size. These problems have been resolved by
    backporting a series of patches that fixed them in the respective code on
    Red Hat Enterprise Linux 6. This update also improves performance of ext3
    and ext4 file systems. (BZ#1116027)

  • Due to a bug in the ext4 code, the fdatasync() system call did not force
    the inode size change to be written to the disk if it was the only metadata
    change in the file. This could result in the wrong inode size and possible
    data loss if the system terminated unexpectedly. The code handling inode
    updates has been fixed and fdatasync() now writes data to the disk as
    expected in this situation. (BZ#1117665)

  • A workaround for a DMA read problem in the tg3 driver was incorrectly
    applied to the whole Broadcom 5719 and 5720 chipset family. This workaround
    is valid only for the A0 revision of the 5719 chips; on other revisions
    and chips it causes occasional Tx timeouts. This update correctly applies
    the aforementioned workaround only to the A0 revision of the 5719 chips.
    (BZ#1121017)

  • Due to a bug in the page writeback code, the system could become
    unresponsive when under memory pressure and heavy NFS load. This
    update fixes the code responsible for handling dirty pages, and dirty
    page write-outs no longer flood the work queue. (BZ#1125246)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-September/082701.html

Affected packages:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:1143
