CentOS 6 Linux kernel 2.6.32-573.7.1 has recently been released.

Update type(s): bugfix

Resolved CVEs:

CVE-2015-5364
CVE-2015-5366

* When logging in as a user and trying to mount a share using the “cd” command,
the UID and GID autofs additional variables previously took incorrect values,
taking root UID and GID instead of user’s UID and GID. The bug in the assignment
of uid and gid mount requests has been fixed, and UID and GID now get the
correct values with autofs configuration on Red Hat Enterprise Linux 6.7.
(BZ#1258581)

* Previously, the attach_task_by_pid() function in some cases raced with the
exiting thread and tried to lock or unlock the already freed group_rwsem member
of the signal_struct list. As a consequence, a kernel crash could occur. This
update adds the cgroup_threadgroup_rwsem variable, which fixes this bug and
prevents the kernel crash from occurring in this scenario. (BZ#1246081)

* Previously, the vmxnet3 driver napi poll implementation used rx descriptor
count for the napi poll budget. This allowed to return from napi poll halfway
through recieving a fragmented packet if the budget threshold was reached. This
behavior caused a kernel panic(BUG_ON) if previous napi poll ended with skb
allocation failure and the end of packet was not reached. This bug has been
fixed by only counting whole received packets in the napi poll rather than the
rx descriptor count. As a result, the aforementioned kernel panic no longer
occurs. (BZ#1246092)

* Due to the renaming of the VLAN_GROUP_ARRAY_LEN preprocessor macro, the kernel
API for 3rd party modules changed in an incompatible way. As a consequence,
compiling the vmxnet3 driver in vmware-tools failed. This update adds a
definition of the VLAN_GROUP_ARRAY_LEN macro, and vmxnet3 now succeeds to
compile. (BZ#1242145)

* Due to the incorrect length of the FCP_RSP_INFO field, parts of the field
could be copied, and “st” and “sg” drivers thus did not work correctly. With
this update, the FCP protocol related code has been updated, and “st” and “sg”
now work as expected. (BZ#1253728)

* Previously, driving the crypto adapter under high pressure workload with long
running cryptographic requests led to performance degradations of the crypto
adapter or, in some cases, the crypto adapter entered recovery mode. As a
consequence, an Adjunct Processor (AP) queue reset was triggered to recover and
reinitialize the AP queue. Due to the different hardware behavior, the reset
could be delayed and interrupts were not re-enabled. With this update, the RAPQ
(queue reset) and AQIC (interrupt control) commands are treated fully
asynchronously, and the device driver checks the reset and interrupt states so
that it can handle the AP queue reinitialization properly. (BZ#1253729)

* Prior to this update, multiple instances trying to copy the same file
triggered a race condition in the perf buildid-cache that could truncate system
libraries and other files. With this update, unique temporary files are used
when copying to the buildid directory to prevent the aforementioned race
condition from occurring. (BZ#1253733)

* If a bonding VLAN interface entered promiscuous mode while it was inactive,
the slave interfaces previously did not enter promiscuous mode automatically
even after the bonding VLAN interface became active again. With this update, the
flag changes are always propagated to interfaces, and slave interfaces thus
enter promiscuous mode as expected. (BZ#1253734)

CentOS 6 Linux kernel 2.6.32-573.3.1 has recently been released.

Update type(s): security and bugfix

Resolved CVEs:

CVE-2015-5364
CVE-2015-5366

* When removing a directory, and a reference was held to that directory by
a reference to a negative child dentry, the directory dentry was previously
not killed. In addition, once the negative child dentry was killed, an
unlinked and unused dentry was present in the cache. As a consequence,
deadlock could be caused by forcing the dentry eviction while the file
system in question was frozen. With this update, all unused dentries are
unhashed and evicted just after a successful directory removal, which
avoids the deadlock, and the system no longer hangs in the aforementioned
scenario. (BZ#1243400)

* Due to the broken s_umount lock ordering, a race condition occurred when
an unlinked file was closed and the sync (or syncfs) utility was run at the
same time. As a consequence, deadlock occurred on a frozen file system
between sync and a process trying to unfreeze the file system. With this
update, sync (or syncfs) is skipped on a frozen file system, and deadlock
no longer occurs in the aforementioned situation. (BZ#1243404)

* Previously, in the scenario when a file was opened by file handle
(fhandle) with its dentry not present in dcache (“cold dcache”) and then
making use of the unlink() and close() functions, the inode was not freed
upon the close() system call. As a consequence, the iput() final was
delayed indefinitely. A patch has been provided to fix this bug, and the
inode is now freed as expected. (BZ#1243406)

* Due to a corrupted Executable and Linkable Format (ELF) header in the
/proc/vmcore file, the kdump utility failed to provide any information.
The underlying source code has been patched, and kdump now provides
debuging information for kernel crashes as intended. (BZ#1245195)

* Previously, running the multipath request queue caused regressions in
cases where paths failed regularly under I/O load. This regression
manifested as I/O stalls that exceeded 300 seconds. This update reverts the
changes aimed to reduce running the multipath request queue resulting in
I/O stalls completing in a timely manner. (BZ#1246095)