Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2015:1211 - Security Advisory
Issued:
2015-07-07
Updated:
2015-07-07

RHSA-2015:1211 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kernel security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated kernel packages that fix one security issue and two bugs are now
available for Red Hat Enterprise Linux 6.4 Advanced Update Support.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

  • It was found that the Linux kernel's implementation of vectored pipe read

and write functionality did not take into account the I/O vectors that were
already processed when retrying after a failed atomic access operation,
potentially resulting in memory corruption due to an I/O vector array
overrun. A local, unprivileged user could use this flaw to crash the system
or, potentially, escalate their privileges on the system. (CVE-2015-1805,
Important)

The security impact of this issue was discovered by Red Hat.

This update also fixes the following bugs:

  • The backlog data could previously not be consumed when the

audit_log_start() function was running even if audit_log_start() called the
wait_for_auditd() function to consume it. As only auditd could consume the
backlog data, audit_log_start() terminated unexpectedly. Consequently, the
system became unresponsive until the backlog timeout was up. With this
update, audit_log_start() no longer terminates and the system shuts down
and reboots gracefully in a timely manner. (BZ#1140489)

  • Direct I/O writes extending a parallel file could previously race to

update the size of the file. If the writes executed in the out-of-order
manner, the file size could move backwards and push a previously completed
write beyond EOF, causing it to be lost. With this update, file size
updates are always executed in appropriate order, thus fixing this bug.
(BZ#1218497)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 6.4 x86_64

Fixes

  • BZ - 1202855 - CVE-2015-1805 kernel: pipe: iovec overrun leading to memory corruption

CVEs

  • CVE-2015-1805

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 6.4

SRPM
kernel-2.6.32-358.62.1.el6.src.rpm SHA-256: c68e635e636fc65782dc0e3222920904bac806e281a9da3851091d42a641f8d6
x86_64
kernel-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: 1284c0aff3dac54a9d36fd9db7ea1545972984588b521d62720c5c686bcf23cb
kernel-debug-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: 979c3bf93d39d71383708f1e3c61ffa013cf97705026cb24f35c77eb2f29f09c
kernel-debug-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: 25b58036b233604cb406f38b94dec9984979470426efcd80afdfa00c4a3c2ed1
kernel-debug-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: 25b58036b233604cb406f38b94dec9984979470426efcd80afdfa00c4a3c2ed1
kernel-debug-devel-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: 74cf02a6eeb06b5c8b8a1f7e7ff26dddcc87e0e9cc37c10e522c6e7a30f2f478
kernel-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: e114dce932238b9ebcc2b8ea7ba316e5855be0f8228a3ffda104a51f389bb00c
kernel-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: e114dce932238b9ebcc2b8ea7ba316e5855be0f8228a3ffda104a51f389bb00c
kernel-debuginfo-common-x86_64-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: fd71591514ad6c7d9b2393a25b76c921a442b9c77fc04c55e3e1b583603ddb0b
kernel-debuginfo-common-x86_64-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: fd71591514ad6c7d9b2393a25b76c921a442b9c77fc04c55e3e1b583603ddb0b
kernel-devel-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: 6cee130527b6ebfda2cb0fdf715998ef9145bd5273fcc9e6d82a1c683946cf2c
kernel-doc-2.6.32-358.62.1.el6.noarch.rpm SHA-256: 6511e65eb95819698f7ca29afd4783dc3c331c6472969a3a60f8ad674049654c
kernel-firmware-2.6.32-358.62.1.el6.noarch.rpm SHA-256: e88428ebaa935c20c54b52f2c3ad04a69a56aff71e9863f99e70306a38cfdc71
kernel-headers-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: 3959ad5c3c6969de71b54c74ab73e3268a58efd7095a956c821d0bf4cb45df59
perf-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: 22644926a2c31234fb129916cb92ddf3aeed9b098875693da288e23433da9275
perf-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: 70f1a692beef645811ddefeb6a61db4555bedb494dfcce7d02e7f8bbfcbfcdf7
perf-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: 70f1a692beef645811ddefeb6a61db4555bedb494dfcce7d02e7f8bbfcbfcdf7
python-perf-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: 5b122fcb5db88e0863d7c7bcc3212c9f45f368edfaa73add658a1049863aedb5
python-perf-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: 87a44cdcb55406b53bf1936722687ee4f80b95cbf98764ff2c2a5fb696b5b028
python-perf-debuginfo-2.6.32-358.62.1.el6.x86_64.rpm SHA-256: 87a44cdcb55406b53bf1936722687ee4f80b95cbf98764ff2c2a5fb696b5b028

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter