Red Hat Customer Portal

Skip to main content

Main Navigation

  • Products & Services
    • Back
    • View All Products
    • Infrastructure and Management
      • Back
      • Red Hat Enterprise Linux
      • Red Hat Virtualization
      • Red Hat Identity Management
      • Red Hat Directory Server
      • Red Hat Certificate System
      • Red Hat Satellite
      • Red Hat Subscription Management
      • Red Hat Update Infrastructure
      • Red Hat Insights
      • Red Hat Ansible Tower
      • Red Hat Ansible Engine
    • Cloud Computing
      • Back
      • Red Hat CloudForms
      • Red Hat OpenStack Platform
      • Red Hat Cloud Infrastructure
      • Red Hat Cloud Suite
      • Red Hat OpenShift Container Platform
      • Red Hat OpenShift Online
      • Red Hat OpenShift Dedicated
      • Red Hat Quay
    • Storage
      • Back
      • Red Hat Gluster Storage
      • Red Hat Hyperconverged Infrastructure
      • Red Hat Ceph Storage
      • Red Hat Openshift Container Storage
    • Runtimes
      • Back
      • Red Hat Runtimes
      • Red Hat JBoss Enterprise Application Platform
      • Red Hat Data Grid
      • Red Hat JBoss Web Server
      • Red Hat Single Sign On
      • Red Hat support for Spring Boot
      • Red Hat build of Node.js
      • Red Hat build of Thorntail
      • Red Hat build of Eclipse Vert.x
      • Red Hat build of OpenJDK
      • Open Liberty
    • Integration and Automation
      • Back
      • Red Hat Integration
      • Red Hat Fuse
      • Red Hat AMQ
      • Red Hat 3scale API Management
      • Red Hat JBoss Data Virtualization
      • Red Hat Automation
      • Red Hat Process Automation Manager
      • Red Hat Decision Manager
    • Mobile
      • Back
      • Red Hat Mobile Application Platform
    • Support
    • Production Support
    • Development Support
    • Product Life Cycle & Update Policies
    • Documentation
    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    • Services
    • Consulting
    • Technical Account Management
    • Training & Certifications
    • Ecosystem
    • Partner Resources
    • Red Hat in the Public Cloud
  • Tools
    • Back
    • Red Hat Insights
    • Tools
    • Solution Engine
    • Packages
    • Errata
    • Customer Portal Labs
    • Explore Labs
    • Configuration
    • Deployment
    • Security
    • Troubleshooting
  • Security
    • Back
    • Product Security Center
    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Security Labs
    • Resources
    • Overview
    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community
    • Back
    • Customer Portal Community
    • Discussions
    • Blogs
    • Private Groups
    • Community Activity
    • Customer Events
    • Red Hat Convergence
    • Red Hat Summit
    • Stories
    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Account
    • Back
    • Log In
    • Register
    • Red Hat Account Number:
    • Account Details
    • User Management
    • Account Maintenance
    • My Profile
    • Notifications
    • Help
    • Log Out
  • Language
    • Back
    • English
    • 한국어
    • 日本語
    • 中文 (中国)
Red Hat Customer Portal
  • Products & Services
    • Back
    • View All Products
    • Infrastructure and Management
      • Back
      • Red Hat Enterprise Linux
      • Red Hat Virtualization
      • Red Hat Identity Management
      • Red Hat Directory Server
      • Red Hat Certificate System
      • Red Hat Satellite
      • Red Hat Subscription Management
      • Red Hat Update Infrastructure
      • Red Hat Insights
      • Red Hat Ansible Tower
      • Red Hat Ansible Engine
    • Cloud Computing
      • Back
      • Red Hat CloudForms
      • Red Hat OpenStack Platform
      • Red Hat Cloud Infrastructure
      • Red Hat Cloud Suite
      • Red Hat OpenShift Container Platform
      • Red Hat OpenShift Online
      • Red Hat OpenShift Dedicated
      • Red Hat Quay
    • Storage
      • Back
      • Red Hat Gluster Storage
      • Red Hat Hyperconverged Infrastructure
      • Red Hat Ceph Storage
      • Red Hat Openshift Container Storage
    • Runtimes
      • Back
      • Red Hat Runtimes
      • Red Hat JBoss Enterprise Application Platform
      • Red Hat Data Grid
      • Red Hat JBoss Web Server
      • Red Hat Single Sign On
      • Red Hat support for Spring Boot
      • Red Hat build of Node.js
      • Red Hat build of Thorntail
      • Red Hat build of Eclipse Vert.x
      • Red Hat build of OpenJDK
      • Open Liberty
    • Integration and Automation
      • Back
      • Red Hat Integration
      • Red Hat Fuse
      • Red Hat AMQ
      • Red Hat 3scale API Management
      • Red Hat JBoss Data Virtualization
      • Red Hat Automation
      • Red Hat Process Automation Manager
      • Red Hat Decision Manager
    • Mobile
      • Back
      • Red Hat Mobile Application Platform
    • Support
    • Production Support
    • Development Support
    • Product Life Cycle & Update Policies
    • Documentation
    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    • Services
    • Consulting
    • Technical Account Management
    • Training & Certifications
    • Ecosystem
    • Partner Resources
    • Red Hat in the Public Cloud
  • Tools
    • Back
    • Red Hat Insights
    • Tools
    • Solution Engine
    • Packages
    • Errata
    • Customer Portal Labs
    • Explore Labs
    • Configuration
    • Deployment
    • Security
    • Troubleshooting
  • Security
    • Back
    • Product Security Center
    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Security Labs
    • Resources
    • Overview
    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community
    • Back
    • Customer Portal Community
    • Discussions
    • Blogs
    • Private Groups
    • Community Activity
    • Customer Events
    • Red Hat Convergence
    • Red Hat Summit
    • Stories
    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Account
    • Back
    • Log In
    • Register
    • Red Hat Account Number:
    • Account Details
    • User Management
    • Account Maintenance
    • My Profile
    • Notifications
    • Help
    • Log Out
  • Language
    • Back
    • English
    • 한국어
    • 日本語
    • 中文 (中国)
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Search
  • Log In
  • Language
Troubleshooting an issue? Try Solution Engine—our new support tool.

Log in to Your Red Hat Account

Log In

Your Red Hat account gives you access to your profile, preferences, and services, depending on your status.

Register

If you are a new customer, register now for access to product evaluations and purchasing capabilities.

Need access to an account?

If your company has an existing Red Hat account, your organization administrator can grant you access.

If you have any questions, please contact customer service.

Red Hat Account Number:

Red Hat Account

  • Account Details
  • User Management
  • Account Maintenance
  • Account Team

Customer Portal

  • My Profile
  • Notifications
  • Help

For your security, if you’re on a public computer and have finished using your Red Hat services, please be sure to log out.

Log Out

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)
Red Hat Customer Portal
  • Products & Services
  • Tools
  • Security
  • Community
  • Infrastructure and Management

  • Cloud Computing

  • Storage

  • Runtimes

  • Integration and Automation

  • Mobile

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Tower
  • Red Hat Ansible Engine
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat Cloud Infrastructure
  • Red Hat Cloud Suite
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Quay
  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat Openshift Container Storage
  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Open Liberty
  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
  • Red Hat Mobile Application Platform
View All Products
  • Support
  • Production Support
  • Development Support
  • Product Life Cycle & Update Policies

Services

  • Consulting
  • Technical Account Management
  • Training & Certifications
  • Documentation
  • Red Hat Enterprise Linux
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Ecosystem
  • Red Hat in the Public Cloud
  • Partner Resources

Tools

  • Solution Engine
  • Packages
  • Errata
  • Customer Portal Labs
  • Configuration
  • Deployment
  • Security
  • Troubleshooting

Red Hat Insights

Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

  • Learn more
  • Go to Insights

Red Hat Product Security Center

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

Security Updates

  • Security Advisories
  • Red Hat CVE Database
  • Security Labs

Keep your systems secure with Red Hat's specialized responses for high-priority security vulnerabilities.

  • View Responses

Resources

  • Overview
  • Security Blog
  • Security Measurement
  • Severity Ratings
  • Backporting Policies
  • Product Signing (GPG) Keys

Customer Portal Community

  • Discussions
  • Blogs
  • Private Groups
  • Community Activity

Customer Events

  • Red Hat Convergence
  • Red Hat Summit

Stories

  • Red Hat Subscription Value
  • You Asked. We Acted.
  • Open Source Communities
Red Hat Product Errata RHSA-2015:0695 - Security Advisory
Issued:
2015-03-17
Updated:
2015-03-17

RHSA-2015:0695 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kernel security and bug fix update

Type/Severity

Security Advisory: Important

Topic

Updated kernel packages that fix multiple security issues and two bugs are
now available for Red Hat Enterprise Linux 6.2 Advanced Update Support.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

  • A flaw was found in the way the Linux kernel's SCTP implementation
    validated INIT chunks when performing Address Configuration Change
    (ASCONF). A remote attacker could use this flaw to crash the system by
    sending a specially crafted SCTP packet to trigger a NULL pointer
    dereference on the system. (CVE-2014-7841, Important)
  • It was found that the Linux kernel's Infiniband subsystem did not
    properly sanitize input parameters while registering memory regions from
    user space via the (u)verbs API. A local user with access to a
    /dev/infiniband/uverbsX device could use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-8159,
    Important)
  • An integer overflow flaw was found in the way the Linux kernel's Frame
    Buffer device implementation mapped kernel memory to user space via the
    mmap syscall. A local user able to access a frame buffer device file
    (/dev/fb*) could possibly use this flaw to escalate their privileges on the
    system. (CVE-2013-2596, Important)
  • It was found that the parse_rock_ridge_inode_internal() function of the
    Linux kernel's ISOFS implementation did not correctly check relocated
    directories when processing Rock Ridge child link (CL) tags. An attacker
    with physical access to the system could use a specially crafted ISO image
    to crash the system or, potentially, escalate their privileges on the
    system. (CVE-2014-5471, CVE-2014-5472, Low)

Red Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.
The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat.

This update also fixes the following bugs:

  • Previously, certain network device drivers did not accept ethtool
    commands right after they were loaded. As a consequence, the current
    setting of the specified device driver was not applied and an error message
    was returned. The ETHTOOL_DELAY variable has been added, which makes sure
    the ethtool utility waits for some time before it tries to apply the
    options settings, thus fixing the bug. (BZ#1138299)
  • During the memory allocation for a new socket to communicate to the
    server, the rpciod daemon released a clean page which needed to be
    committed. However, the commit was queueing indefinitely as the commit
    could only be provided with a socket connection. As a consequence, a
    deadlock occurred in rpciod. This update sets the PF_FSTRANS flag on the
    work queue task prior to the socket allocation, and adds the
    nfs_release_page check for the flag when deciding whether to make a commit
    call, thus fixing this bug. (BZ#1192326)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 6.2 x86_64

Fixes

  • BZ - 1034490 - CVE-2013-2596 kernel: integer overflow in fb_mmap
  • BZ - 1134099 - CVE-2014-5471 CVE-2014-5472 kernel: isofs: unbound recursion when processing relocated directories
  • BZ - 1163087 - CVE-2014-7841 kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet
  • BZ - 1181166 - CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access

CVEs

  • CVE-2014-5472
  • CVE-2014-5471
  • CVE-2013-2596
  • CVE-2014-7841
  • CVE-2014-8159

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 6.2

SRPM
kernel-2.6.32-220.60.2.el6.src.rpm SHA-256: 2d30422470e9ba2f577895e747f90be736af0b21ae53e9de299549964e3efe19
x86_64
kernel-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: d0f78fe66cc2dae3dcd04816ea1f0af2f4e925a00197b03e2df548c4ce9f1bbf
kernel-debug-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 0c85e4a37955fc27ea229c153dfec73da342e9bb5f553909d0ee60dd53fa74fa
kernel-debug-debuginfo-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 8f71e67d8b39b7fc0227d774558fa6dab5cbf6c5d791b16837bddca0e81a1d0e
kernel-debug-debuginfo-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 8f71e67d8b39b7fc0227d774558fa6dab5cbf6c5d791b16837bddca0e81a1d0e
kernel-debug-devel-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 6ee25fdeee6bde2df81a2177128e56a5c18d65471d4699388b51f693380bd560
kernel-debuginfo-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 958540abc121c206fc29b6a8c5b15c272c7ef9e56ea8d4a36896ff5b572a5f0a
kernel-debuginfo-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 958540abc121c206fc29b6a8c5b15c272c7ef9e56ea8d4a36896ff5b572a5f0a
kernel-debuginfo-common-x86_64-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 67c59fa64896abf969383cfa54ed3703d9462aea9152832c572a830febe329a6
kernel-debuginfo-common-x86_64-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 67c59fa64896abf969383cfa54ed3703d9462aea9152832c572a830febe329a6
kernel-devel-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 2671c77fad2e3bd5d11f394099afb8b1635cbb933b67f95554bafaf35d374150
kernel-doc-2.6.32-220.60.2.el6.noarch.rpm SHA-256: ec89df1a33ab84c4717c0b52f475db2511d6561d351be6bd1dc4374772cb0e76
kernel-firmware-2.6.32-220.60.2.el6.noarch.rpm SHA-256: f40a151c56967f007d025f7ba4e345211c351ea9eeb2d414fa66686e30fffa0e
kernel-headers-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 8fbbd90aba694ce62d949e941182af0306ac93abe7ab3e43f02780c270236783
perf-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 3aa3ca66e9ff59f0c33c79e1ba88357fdbd7c1394ad80db7dc258427b90e5871
perf-debuginfo-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 5c7729e9bb9e4220ee9b2a20d3b46aac1dcc87f3a9a1245de2d0ee8a02aeb1ad
perf-debuginfo-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 5c7729e9bb9e4220ee9b2a20d3b46aac1dcc87f3a9a1245de2d0ee8a02aeb1ad
python-perf-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 0d69aa5eba2c9041a4ead05437b55a5b794bab7524059e32c4c72266fac1a388
python-perf-debuginfo-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 115c0ef7c0aca7f218e9a94526d9defe85b7e9283b41ece74d08740093751b0b
python-perf-debuginfo-2.6.32-220.60.2.el6.x86_64.rpm SHA-256: 115c0ef7c0aca7f218e9a94526d9defe85b7e9283b41ece74d08740093751b0b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • openshift.com
  • developers.redhat.com
  • connect.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2019 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter Facebook