The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.
- A buffer overflow flaw was found in the way the Linux kernel’s Intel
AES-NI instructions optimized version of the RFC4106 GCM mode decryption
functionality handled fragmented packets. A remote attacker could use this
flaw to crash, or potentially escalate their privileges on, a system over a
connection with an active AEC-GCM mode IPSec security association.
(CVE-2015-3331, Important)
This update provides a build of the kernel-rt package for Red Hat
Enterprise MRG 2.5, which is layered on Red Hat Enterprise Linux 6.
The kernel-rt sources have been updated to include fixes for the following
issues:
- Audit subsystem not resolving path name on directory watches
- audit watches do not track correctly after a rename
- auditctl output is changed in RHEL 7
- megaraid_sas: non-booting system with intel_iommu=on kernel parameter
- GFS2: kernel NULL pointer dereference in gfs2_inplace_reserve
- Crypto adapter cannot be brought online - affect all HW
- crypto/seqiv.c: wrong check of return code from crypto_rng_get_bytes
- Backport crypto: sha256_ssse3 - also test for BMI2
- Null pointer at team_handle_frame+0x62/0x100 [team]
- AES CTR x86_64 “by8” AVX optimization
- Intel RDSEED - Fix for entropy counting
- Intel SHA1 multi-buffer crypto implementation
- Intel SHA1 AVX2 optimization support
- mlx4_en: HW timestamp ends up in error queue of socket which does not
have SO_TIMESTAMPING enabled
(BZ#1213945)
All kernel-rt users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. The system must be
rebooted for this update to take effect.