Multiple vulnerabilities has been found and corrected in the Linux
kernel:

The Crypto API in the Linux kernel before 3.18.5 allows local users
to load arbitrary kernel modules via a bind system call for an
AF_ALG socket with a parenthesized module template expression in
the salg_name field, as demonstrated by the vfat(aes) expression,
a different vulnerability than CVE-2013-7421 (CVE-2014-9644).

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before
3.18 generates incorrect conntrack entries during handling of certain
iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,
which allows remote attackers to bypass intended access restrictions
via packets with disallowed port numbers (CVE-2014-8160).

The Crypto API in the Linux kernel before 3.18.5 allows local users
to load arbitrary kernel modules via a bind system call for an
AF_ALG socket with a module name in the salg_name field, a different
vulnerability than CVE-2014-9644 (CVE-2013-7421).

The updated packages provides a solution for these security issues.