The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's VFS subsystem handled file system locks. A local, unprivileged user could use this flaw to trigger a deadlock in the kernel, causing a denial of service on the system. (CVE-2014-8559, Moderate) * A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system. (CVE-2015-5156, Moderate) The CVE-2015-5156 issue was discovered by Jason Wang of Red Hat. The kernel-rt packages have been upgraded to version 3.10.0-229.20.1, which provides a number of bug fixes and enhancements over the previous version, including: * Unexpected completion is detected on Intel Ethernet x540 * Divide by zero error in intel_pstate_timer_func() [ inline s64 div_s64_rem() ] * NFS Recover from stateid-type error on SETATTR * pNFS RHEL 7.1 Data Server connection remains after umount due to lseg refcount leak * Race during NFS v4.0 recovery and standard IO. * Fix ip6t_SYNPROXY for namespaces and connection delay * synproxy window size and sequence number behaviour causes long connection delay * Crash in kmem_cache_alloc() during disk stress testing (using ipr) * xfs: sync/backport to upstream v4.1 * iscsi_session recovery_tmo revert back to default when a path becomes active * read from MD raid1 can fail if read from resync target fails * backport scsi-mq * unable to handle kernel paging request at 0000000000237037 [zswap] (BZ#1266915) All kernel-rt users are advised to upgrade to these updated packages, which correct these issues and add this enhancement. The system must be rebooted for this update to take effect.