The Linux kernel was updated to fix security issues and bugs:
Security issues fixed:
CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux
kernel did not ensure that calls have two different futex addresses,
which allowed local users to gain privileges via a crafted FUTEX_REQUEUE
command that facilitates unsafe waiter modification.
CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable
buffers are disabled, did not properly validate packet lengths, which
allowed guest OS users to cause a denial of service (memory corruption
and host OS crash) or possibly gain privileges on the host OS via crafted
packets, related to the handle_rx and get_rx_bufs functions.
CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the
vhost-net subsystem in the Linux kernel package did not properly handle
vhost_get_vq_desc errors, which allowed guest OS users to cause a denial
of service (host OS crash) via unspecified vectors.
CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the
Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified other
impact via a bind system call for an RDS socket on a system that lacks
RDS transports.
CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the
Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified other
impact via a bind system call for an RDS socket on a system that lacks
RDS transports.
CVE-2014-2851: Integer overflow in the ping_init_sock function in
net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial
of service (use-after-free and system crash) or possibly gain privileges
via a crafted application that leverages an improperly managed reference
counter.
CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the Linux
kernel did not properly consider which pages must be locked, which allowed
local users to cause a denial of service (system crash) by triggering
a memory-usage pattern that requires removal of page-table mappings.
Bugs fixed:
- memcg: deprecate memory.force_empty knob (bnc#878274).
- Submitted by Marcus Meissner (msmeissn)
- Reboot is suggested