(RHSA-2012:1430) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

• A flaw was found in the way socket buffers (skb) requiring TSO (TCP
  segment offloading) were handled by the sfc driver. If the skb did not fit
  within the minimum-size of the transmission queue, the network card could
  repeatedly reset itself. A remote attacker could use this flaw to cause a
  denial of service. (CVE-2012-3412, Important)

Red Hat would like to thank Ben Hutchings of Solarflare ™ for reporting
this issue.

This update also fixes the following bugs:

• In the hpet_next_event() function, an interrupt could have occurred
  between the read and write of the HPET (High Precision Event Timer) and the
  value of HPET_COUNTER was then beyond that being written to the comparator
  (HPET_Tn_CMP). Consequently, the timers were overdue for up to several
  minutes. Now, a comparison is performed between the value of the counter
  and the comparator in the HPET code. If the counter is beyond the
  comparator, the “-ETIME” error code is returned, which fixes this bug.
  (BZ#855280)

• Traffic to the NFS server could trigger a kernel oops in the
  svc_tcp_clear_pages() function. The source code has been modified, and the
  kernel oops no longer occurs in this scenario. (BZ#856104)

• A kernel oops occurred in the nf_nat code when a bogus pointer was
  dereferenced in the nf_conn_nat structure. Consequently, if Source Network
  Address Translation (SNAT) was performed, incorrect information could be
  received by other CTS (Clear to Send) signals. A conntrack entry is now
  placed in the source hash after SNAT has been completed, which prevents the
  described problems. (BZ#865714)

Users should upgrade to these updated packages, which contain backported
patches to resolve these issues. The system must be rebooted for this
update to take effect.