(RHSA-2014:0520) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

• A flaw was found in the way the Linux kernel processed an authenticated
  COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote
  attacker could use this flaw to crash the system by initiating a specially
  crafted SCTP handshake in order to trigger a NULL pointer dereference on
  the system. (CVE-2014-0101, Important)

• A race condition flaw, leading to heap-based buffer overflows, was found
  in the way the Linux kernel’s N_TTY line discipline (LDISC) implementation
  handled concurrent processing of echo output and TTY write operations
  originating from user space when the underlying TTY driver was PTY.
  An unprivileged, local user could use this flaw to crash the system or,
  potentially, escalate their privileges on the system. (CVE-2014-0196,
  Important)

Red Hat would like to thank Nokia Siemens Networks for reporting
CVE-2014-0101.

This update also fixes the following bug:

• Prior to this update, a guest-provided value was used as the head length
  of the socket buffer allocated on the host. If the host was under heavy
  memory load and the guest-provided value was too large, the allocation
  could have failed, resulting in stalls and packet drops in the guest’s Tx
  path. With this update, the guest-provided value has been limited to a
  reasonable size so that socket buffer allocations on the host succeed
  regardless of the memory load on the host, and guests can send packets
  without experiencing packet drops or stalls. (BZ#1092349)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.