The kernel packages contain the Linux kernel, the core of any Linux
operating system.
A buffer overflow flaw was found in the way the qeth_snmp_command()
function in the Linux kernel’s QETH network device driver implementation
handled SNMP IOCTL requests with an out-of-bounds length. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2013-6381, Important)
A flaw was found in the way the Linux kernel’s Adaptec RAID controller
(aacraid) checked permissions of compat IOCTLs. A local attacker could use
this flaw to bypass intended security restrictions. (CVE-2013-6383,
Moderate)
This update also fixes the following bug:
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.