kernel-2.6.32-642.el6

The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

Security issues fixed with this release:

CVE-2010-5313
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38
allows L2 guest OS users to cause a denial of service (L1 guest OS
crash) via a crafted instruction that triggers an L2 emulation failure
report, a similar issue to CVE-2014-7842.
CVE-2013-4312
The Linux kernel before 4.4.1 allows local users to bypass
file-descriptor limits and cause a denial of service (memory
consumption) by sending each descriptor over a UNIX socket before
closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
CVE-2014-7842
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4
allows guest OS users to cause a denial of service (guest OS crash)
via a crafted application that performs an MMIO transaction or a PIO
transaction to trigger a guest userspace emulation error report, a
similar issue to CVE-2010-5313.
CVE-2014-8134
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux
kernel through 3.18 uses an improper paravirt_enabled setting for KVM
guest kernels, which makes it easier for guest OS users to bypass the
ASLR protection mechanism via a crafted application that reads a
16-bit value.
CVE-2015-5156
The virtnet_probe function in drivers/net/virtio_net.c in the Linux
kernel before 4.2 attempts to support a FRAGLIST feature without
proper memory allocation, which allows guest OS users to cause a
denial of service (buffer overflow and memory corruption) via a
crafted sequence of fragmented packets.
CVE-2015-7509
fs/ext4/namei.c in the Linux kernel before 3.7 allows physically
proximate attackers to cause a denial of service (system crash) via a
crafted no-journal filesystem, a related issue to CVE-2013-2015.
CVE-2015-8215
net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0
does not validate attempted changes to the MTU value, which allows
context-dependent attackers to cause a denial of service (packet loss)
via a value that is (1) smaller than the minimum compliant value or
(2) larger than the MTU of an interface, as demonstrated by a Router
Advertisement (RA) message that is not validated by a daemon, a
different vulnerability than CVE-2015-0272. NOTE: the scope of
CVE-2015-0272 is limited to the NetworkManager product.
CVE-2015-8324
The ext4 implementation in the Linux kernel before 2.6.34 does not
properly track the initialization of certain data structures, which
allows physically proximate attackers to cause a denial of service
(NULL pointer dereference and panic) via a crafted USB device, related
to the ext4_fill_super function.
CVE-2015-8543
The networking implementation in the Linux kernel through 4.3.3, as
used in Android and other products, does not validate protocol
identifiers for certain protocol families, which allows local users to
cause a denial of service (NULL function pointer dereference and
system crash) or possibly gain privileges by leveraging CLONE_NEWUSER
support to execute a crafted SOCK_RAW application.

Additional Changes:

* Please refer to Asianux Server 4 SP6 Release notes.