To address an issue with OpenIPMI not working with the new kernel, the following packages were added to the sl-security repo: i386: OpenIPMI-2.0.16-14.el6.i686.rpm OpenIPMI-devel-2.0.16-14.el6.i686.rpm OpenIPMI-libs-2.0.16-14.el6.i686.rpm OpenIPMI-perl-2.0.16-14.el6.i686.rpm OpenIPMI-python-2.0.16-14.el6.i686.rpm x86_64: OpenIPMI-2.0.16-14.el6.x86_64.rpm OpenIPMI-devel-2.0.16-14.el6.i686.rpm OpenIPMI-devel-2.0.16-14.el6.x86_64.rpm OpenIPMI-libs-2.0.16-14.el6.i686.rpm OpenIPMI-libs-2.0.16-14.el6.x86_64.rpm OpenIPMI-perl-2.0.16-14.el6.x86_64.rpm OpenIPMI-python-2.0.16-14.el6.x86_64.rpm On 03/14/2013 09:39 AM, Pat Riehecky wrote: > Synopsis: Important: kernel security and bug fix update > Issue Date: 2013-03-12 > CVE Numbers: CVE-2013-0228 > CVE-2013-0268 > -- > > This update fixes the following security issues: > > * A flaw was found in the way the xen_iret() function in the Linux kernel > used the DS (the CPU's Data Segment) register. A local, unprivileged user > in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to > crash the guest or, potentially, escalate their privileges. > (CVE-2013-0228, Important) > > * A flaw was found in the way file permission checks for the > "/dev/cpu/[x]/msr" files were performed in restricted root environments > (for example, when using a capability-based security model). A local user > with the ability to write to these files could use this flaw to escalate > their privileges to kernel level, for example, by writing to the > SYSENTER_EIP_MSR register. (CVE-2013-0268, Important) > > The system must be rebooted for this update to take effect. > -- > > SL6 > x86_64 > kernel-2.6.32-358.2.1.el6.x86_64.rpm > kernel-debug-2.6.32-358.2.1.el6.x86_64.rpm > kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm > kernel-debug-devel-2.6.32-358.2.1.el6.x86_64.rpm > kernel-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm > kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64.rpm > kernel-devel-2.6.32-358.2.1.el6.x86_64.rpm > kernel-headers-2.6.32-358.2.1.el6.x86_64.rpm > perf-2.6.32-358.2.1.el6.x86_64.rpm > perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm > python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm > python-perf-2.6.32-358.2.1.el6.x86_64.rpm > i386 > kernel-2.6.32-358.2.1.el6.i686.rpm > kernel-debug-2.6.32-358.2.1.el6.i686.rpm > kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686.rpm > kernel-debug-devel-2.6.32-358.2.1.el6.i686.rpm > kernel-debuginfo-2.6.32-358.2.1.el6.i686.rpm > kernel-debuginfo-common-i686-2.6.32-358.2.1.el6.i686.rpm > kernel-devel-2.6.32-358.2.1.el6.i686.rpm > kernel-headers-2.6.32-358.2.1.el6.i686.rpm > perf-2.6.32-358.2.1.el6.i686.rpm > perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm > python-perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm > python-perf-2.6.32-358.2.1.el6.i686.rpm > noarch > kernel-doc-2.6.32-358.2.1.el6.noarch.rpm > kernel-firmware-2.6.32-358.2.1.el6.noarch.rpm > > - Scientific Linux Development Team -- Pat Riehecky Scientific Linux developer http://www.scientificlinux.org/