CentOS Project: CESA-2015:1081

kernel, perf, python security update

Published: 2015-06-10 09:06:44
Source: CentOS Project, lists.centos.org

CVSS2: 9.3 High

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.003 Low
Percentile: 70.4%

CentOS Errata and Security Advisory CESA-2015:1081

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

  • It was found that the Linux kernel’s implementation of vectored pipe read
    and write functionality did not take into account the I/O vectors that were
    already processed when retrying after a failed atomic access operation,
    potentially resulting in memory corruption due to an I/O vector array
    overrun. A local, unprivileged user could use this flaw to crash the system
    or, potentially, escalate their privileges on the system. (CVE-2015-1805,
    Important)

  • A buffer overflow flaw was found in the way the Linux kernel’s Intel
    AES-NI instructions optimized version of the RFC4106 GCM mode decryption
    functionality handled fragmented packets. A remote attacker could use this
    flaw to crash, or potentially escalate their privileges on, a system over a
    connection with an active AES-GCM mode IPSec security association.
    (CVE-2015-3331, Important)

  • An information leak flaw was found in the way the Linux kernel changed
    certain segment registers and thread-local storage (TLS) during a context
    switch. A local, unprivileged user could use this flaw to leak the user
    space TLS base address of an arbitrary process. (CVE-2014-9419, Low)

  • It was found that the Linux kernel’s ISO file system implementation did
    not correctly limit the traversal of Rock Ridge extension Continuation
    Entries (CE). An attacker with physical access to the system could use this
    flaw to trigger an infinite loop in the kernel, resulting in a denial of
    service. (CVE-2014-9420, Low)

  • An information leak flaw was found in the way the Linux kernel’s Virtual
    Dynamic Shared Object (vDSO) implementation performed address
    randomization. A local, unprivileged user could use this flaw to leak
    kernel memory addresses to user-space. (CVE-2014-9585, Low)

Red Hat would like to thank Carl Henrik Lunde for reporting
CVE-2014-9420. The security impact of the CVE-2015-1805 issue was
discovered by Red Hat.

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Technical Notes
document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. The system must be rebooted for this update to take effect.
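
Because the fix only takes effect after a reboot, a host can have the updated packages installed and still run the vulnerable kernel. The following added example (not part of the CentOS or Red Hat advisory) checks for that state by comparing the running kernel with the newest installed one, using a simplified RPM-style version ordering; a plain string sort would misorder the sample releases. The function names and sample version strings are constructed for illustration.

```python
import functools
import platform
import re
import subprocess

def rpmvercmp(a, b):
    """Order two version or release strings roughly as RPM does.
    Simplified: no epoch and no '~' or '^' handling. Returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def kernel_cmp(a, b):
    """Compare 'version-release.arch' strings as printed by uname -r."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def reboot_pending(running, installed):
    """True when a newer kernel package is installed than the one running."""
    newest = max(installed, key=functools.cmp_to_key(kernel_cmp))
    return kernel_cmp(running, newest) < 0

# Constructed sample values, not the versions shipped by this advisory.
SAMPLE_RUNNING = "2.6.32-100.el6.x86_64"
SAMPLE_INSTALLED = ["2.6.32-100.el6.x86_64", "2.6.32-100.5.1.el6.x86_64"]

if __name__ == "__main__":
    # On a real host: running kernel from uname, installed ones from the RPM database.
    out = subprocess.run(
        ["rpm", "-q", "kernel", "--qf", "%{VERSION}-%{RELEASE}.%{ARCH}\\n"],
        capture_output=True, text=True, check=True).stdout
    running = platform.release()
    state = "reboot pending" if reboot_pending(running, out.split()) else "up to date"
    print(state, running)
```

The check covers the plain `kernel` package only; hosts booting `kernel-debug` need the same comparison against that package name.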

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-June/083327.html

Affected packages:
kernel
kernel-abi-whitelists
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-firmware
kernel-headers
perf
python-perf

Upstream details at:
https://access.redhat.com/errata/RHSA-2015:1081
