(RHSA-2015:0989) Important: kernel-rt security, bug fix, and enhancement update

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

• A buffer overflow flaw was found in the way the Linux kernel’s Intel
  AES-NI instructions optimized version of the RFC4106 GCM mode decryption
  functionality handled fragmented packets. A remote attacker could use this
  flaw to crash, or potentially escalate their privileges on, a system over a
  connection with an active AEC-GCM mode IPSec security association.
  (CVE-2015-3331, Important)

This update provides a build of the kernel-rt package for Red Hat
Enterprise MRG 2.5, which is layered on Red Hat Enterprise Linux 6.
The kernel-rt sources have been updated to include fixes for the following
issues:

• Audit subsystem not resolving path name on directory watches
• audit watches do not track correctly after a rename
• auditctl output is changed in RHEL 7
• megaraid_sas: non-booting system with intel_iommu=on kernel parameter
• GFS2: kernel NULL pointer dereference in gfs2_inplace_reserve
• Crypto adapter cannot be brought online - affect all HW
• crypto/seqiv.c: wrong check of return code from crypto_rng_get_bytes
• Backport crypto: sha256_ssse3 - also test for BMI2
• Null pointer at team_handle_frame+0x62/0x100 [team]
• AES CTR x86_64 “by8” AVX optimization
• Intel RDSEED - Fix for entropy counting
• Intel SHA1 multi-buffer crypto implementation
• Intel SHA1 AVX2 optimization support
• mlx4_en: HW timestamp ends up in error queue of socket which does not
  have SO_TIMESTAMPING enabled

(BZ#1213945)

All kernel-rt users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. The system must be
rebooted for this update to take effect.