(RHSA-2015:1211) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

• It was found that the Linux kernel’s implementation of vectored pipe read
  and write functionality did not take into account the I/O vectors that were
  already processed when retrying after a failed atomic access operation,
  potentially resulting in memory corruption due to an I/O vector array
  overrun. A local, unprivileged user could use this flaw to crash the system
  or, potentially, escalate their privileges on the system. (CVE-2015-1805,
  Important)

The security impact of this issue was discovered by Red Hat.

This update also fixes the following bugs:

• The backlog data could previously not be consumed when the
  audit_log_start() function was running even if audit_log_start() called the
  wait_for_auditd() function to consume it. As only auditd could consume the
  backlog data, audit_log_start() terminated unexpectedly. Consequently, the
  system became unresponsive until the backlog timeout was up. With this
  update, audit_log_start() no longer terminates and the system shuts down
  and reboots gracefully in a timely manner. (BZ#1140489)

• Direct I/O writes extending a parallel file could previously race to
  update the size of the file. If the writes executed in the out-of-order
  manner, the file size could move backwards and push a previously completed
  write beyond EOF, causing it to be lost. With this update, file size
  updates are always executed in appropriate order, thus fixing this bug.
  (BZ#1218497)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.