is it allowed to run production server on linux kernel 2.6.34 ?

Hello, yes it still can be safe to use linux kernel 2.6.34.
The exploit you reference need the attacker to have a local system account to perform this attack. (ssh access)
This is certainly not the case.
What make you think you are infected ?

Kernel 2.6.34 (pure from kernel.org) is not very secure.
Do you have full version of it (uname -r)?

Whenever you use a proper firewall and your apache server is up to date
+ if you only let http port open, i doubt that this kernel would be a problem.

Anybody can consume all system RAM via CVE-2012-6638, firewall or not.
Thats one I remember, plus 100 others lost in time.
If you are patching from whichever still supported source 2.6.34-(whatever number) should be very good for any purpose

Do you have full version of it (uname -r)?

2.6.34-12-desktop
uname -a
Linux opensuse 2.6.34-12-desktop #1 SMP PREEMPT 2010-06-29 02:39:08 +0200 x86_64 x86_64 x86_64 GNU/Linux  

How to patch that? maybe just update kernel? if I update it to the newest kernel could it cause any inconsistency in userspace programs behaviour? in FreeBSD I need to get updated both kernel + us + ports, what about suse?

Well, every guy comes to the company with his own philosophy.

On the pretext that it is unmaintainable at least get it to FreeBSD -RELENG releases, CentOS&Fedora to CentOS 5 or 6 or 7-latest and OpenSUSE to evergreen release thet follows installed one.
At least you & company will have good oversight what is in the server room.

If you run typical apache and tomcat on 20 servers, maybe make load-balance cluster of two linux servers and 10 applications... You gain stability, 99.9% availability and 8 systems off your hands...