Kernel update [RHEL6.5 2.6.32-431.5.1.el6]

• A buffer overflow flaw was found in the way the qeth_snmp_command()
  function in the Linux kernel's QETH network device driver implementation
  handled SNMP IOCTL requests with an out-of-bounds length. A local,
  unprivileged user could use this flaw to crash the system or, potentially,
  escalate their privileges on the system. (CVE-2013-6381, Important)

• A flaw was found in the way the get_dumpable() function return value was
  interpreted in the ptrace subsystem of the Linux kernel. When
  'fs.suid_dumpable' was set to 2, a local, unprivileged local user could
  use this flaw to bypass intended ptrace restrictions and obtain
  potentially sensitive information. (CVE-2013-2929, Low)

• It was found that certain protocol handlers in the Linux kernel's
  networking implementation could set the addr_len value without initializing
  the associated data structure. A local, unprivileged user could use this
  flaw to leak kernel stack memory to user space using the recvmsg, recvfrom,
  and recvmmsg system calls (CVE-2013-7263, CVE-2013-7265, Low).

This update also fixes several bugs.

Bugs fixed (https://bugzilla.redhat.com/):

1028148 - CVE-2013-2929 kernel: exec/ptrace: get_dumpable() incorrect tests
1033600 - CVE-2013-6381 Kernel: qeth: buffer overflow in snmp ioctl
1035875 - CVE-2013-7263 CVE-2013-7265 Kernel: net: leakage of uninitialized memory to user-space via recv syscalls