Nov 14, 2013 - 12:00 a.m.

(RHSA-2013:1520) Moderate: kernel security, bug fix, and enhancement update

2013-11-14 00:00:00
access.redhat.com

CVSS2: 6 Medium (AV:N/AC:M/Au:S/C:P/I:P/A:P)

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

EPSS: 0.003 Low (Percentile: 65.5%)

Red Hat OpenStack 3.0 includes a custom Red Hat Enterprise Linux 6.4
kernel. These custom kernel packages include support for network
namespaces; this support is required to facilitate advanced OpenStack
Networking deployments.

  • A flaw was found in the way the Linux kernel’s TCP/IP protocol suite
    implementation handled IPv6 sockets that used the UDP_CORK option. A local,
    unprivileged user could use this flaw to cause a denial of service.
    (CVE-2013-4162, Moderate)

  • An information leak flaw was found in the way the Linux kernel’s device
    mapper subsystem, under certain conditions, interpreted data written to
    snapshot block devices. An attacker could use this flaw to read data from
    disk blocks in free space, which are normally inaccessible. (CVE-2013-4299,
    Moderate)

Red Hat would like to thank Hannes Frederic Sowa for reporting
CVE-2013-4162; and Fujitsu for reporting CVE-2013-4299.

This update also fixes the following bug:

  • Prior to this update, while performing Generic Routing Encapsulation
    (GRE), the possibility of having an 802.1Q inner header was not considered
    during Generic Segmentation Offloading (GSO). With this update, a check
    has been added to detect the use of 802.1Q and handle the packet
    accordingly. (BZ#1005804)

In addition, this update adds the following enhancements:

  • This update adds support for Distributed Overlay Virtual Ethernet (DOVE).
    (BZ#1009025)

  • This update adds support for Virtual Extensible LAN (VXLAN) as an Open
    vSwitch (OVS) tunneling type. (BZ#1009006)

More information on the Red Hat Enterprise Linux 6.4 kernel packages upon
which these custom kernel packages are based is available in
RHSA-2013:1436:

https://rhn.redhat.com/errata/RHSA-2013-1436.html

All Red Hat OpenStack 3.0 users deploying the OpenStack Networking service
are advised to install these updated packages.
