(RHSA-2013:0911) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

• A flaw was found in the way KVM (Kernel-based Virtual Machine)
  initialized a guest’s registered pv_eoi (paravirtualized end-of-interrupt)
  indication flag when entering the guest. An unprivileged guest user could
  potentially use this flaw to crash the host. (CVE-2013-1935, Important)

• A missing sanity check was found in the kvm_set_memory_region() function
  in KVM, allowing a user-space process to register memory regions pointing
  to the kernel address space. A local, unprivileged user could use this flaw
  to escalate their privileges. (CVE-2013-1943, Important)

• A double free flaw was found in the Linux kernel’s Virtual Ethernet
  Tunnel driver (veth). A remote attacker could possibly use this flaw to
  crash a target system. (CVE-2013-2017, Moderate)

Red Hat would like to thank IBM for reporting the CVE-2013-1935 issue and
Atzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017 issue.
The CVE-2013-1943 issue was discovered by Michael S. Tsirkin of Red Hat.

This update also fixes several bugs and adds one enhancement. Documentation
for these changes will be available shortly from the Technical Notes
document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add this enhancement. The system must
be rebooted for this update to take effect.