Koozali.org: home of the SME Server

Security Advisory - Important: kernel security and bug fix update - RH EL5

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Red Hat has released a security update for EL5 that will apply to
Koozali SME8, it has been rated as Important

Update will be available from upstream as appropriate.

See here for full notice: https://rhn.redhat.com/errata/RHSA-2015-1042.html

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2015:1042-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1042.html
Issue date:        2015-06-02
CVE Names:         CVE-2015-1805
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and several bugs are
now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's implementation of vectored pipe read
and write functionality did not take into account the I/O vectors that were
already processed when retrying after a failed atomic access operation,
potentially resulting in memory corruption due to an I/O vector array
overrun. A local, unprivileged user could use this flaw to crash the system
or, potentially, escalate their privileges on the system. (CVE-2015-1805,
Important)

The security impact of this issue was discovered by Red Hat.
--
qui scribit bis legit