SCIENTIFIC-LINUX-ERRATA Archives

March 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Security ERRATA Important: kernel on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Pat Riehecky <[log in to unmask]>
Date:
Mon, 25 Mar 2013 09:04:50 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (85 lines) 
To address an issue with OpenIPMI not working with the new kernel, the 
following packages were added to the sl-security repo:

i386:
OpenIPMI-2.0.16-14.el6.i686.rpm
OpenIPMI-devel-2.0.16-14.el6.i686.rpm
OpenIPMI-libs-2.0.16-14.el6.i686.rpm
OpenIPMI-perl-2.0.16-14.el6.i686.rpm
OpenIPMI-python-2.0.16-14.el6.i686.rpm

x86_64:
OpenIPMI-2.0.16-14.el6.x86_64.rpm
OpenIPMI-devel-2.0.16-14.el6.i686.rpm
OpenIPMI-devel-2.0.16-14.el6.x86_64.rpm
OpenIPMI-libs-2.0.16-14.el6.i686.rpm
OpenIPMI-libs-2.0.16-14.el6.x86_64.rpm
OpenIPMI-perl-2.0.16-14.el6.x86_64.rpm
OpenIPMI-python-2.0.16-14.el6.x86_64.rpm


On 03/14/2013 09:39 AM, Pat Riehecky wrote:
> Synopsis: Important: kernel security and bug fix update
> Issue Date:        2013-03-12
> CVE Numbers:       CVE-2013-0228
>                    CVE-2013-0268
> -- 
>
> This update fixes the following security issues:
>
> * A flaw was found in the way the xen_iret() function in the Linux kernel
> used the DS (the CPU's Data Segment) register. A local, unprivileged user
> in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to
> crash the guest or, potentially, escalate their privileges.
> (CVE-2013-0228, Important)
>
> * A flaw was found in the way file permission checks for the
> "/dev/cpu/[x]/msr" files were performed in restricted root environments
> (for example, when using a capability-based security model). A local user
> with the ability to write to these files could use this flaw to escalate
> their privileges to kernel level, for example, by writing to the
> SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)
>
> The system must be rebooted for this update to take effect.
> -- 
>
> SL6
>   x86_64
>     kernel-2.6.32-358.2.1.el6.x86_64.rpm
>     kernel-debug-2.6.32-358.2.1.el6.x86_64.rpm
>     kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
>     kernel-debug-devel-2.6.32-358.2.1.el6.x86_64.rpm
>     kernel-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
>     kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64.rpm
>     kernel-devel-2.6.32-358.2.1.el6.x86_64.rpm
>     kernel-headers-2.6.32-358.2.1.el6.x86_64.rpm
>     perf-2.6.32-358.2.1.el6.x86_64.rpm
>     perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
>     python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
>     python-perf-2.6.32-358.2.1.el6.x86_64.rpm
>   i386
>     kernel-2.6.32-358.2.1.el6.i686.rpm
>     kernel-debug-2.6.32-358.2.1.el6.i686.rpm
>     kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686.rpm
>     kernel-debug-devel-2.6.32-358.2.1.el6.i686.rpm
>     kernel-debuginfo-2.6.32-358.2.1.el6.i686.rpm
>     kernel-debuginfo-common-i686-2.6.32-358.2.1.el6.i686.rpm
>     kernel-devel-2.6.32-358.2.1.el6.i686.rpm
>     kernel-headers-2.6.32-358.2.1.el6.i686.rpm
>     perf-2.6.32-358.2.1.el6.i686.rpm
>     perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm
>     python-perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm
>     python-perf-2.6.32-358.2.1.el6.i686.rpm
>   noarch
>     kernel-doc-2.6.32-358.2.1.el6.noarch.rpm
>     kernel-firmware-2.6.32-358.2.1.el6.noarch.rpm
>
> - Scientific Linux Development Team


-- 
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/

ATOM RSS1 RSS2