Oval Definition:oval:com.redhat.rhsa:def:20130621
Revision Date:2013-03-11Version:637
Title:RHSA-2013:0621: kernel security update (Important)
Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

  • A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments (for example, when using a capability-based security model). A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)

  • A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-0871, Important)

    Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2013-0268
    CVE-2013-0871
    RHSA-2013:0621
    RHSA-2013:0621-00
    RHSA-2013:0621-01
    RHSA-2013:0621-01
    Platform(s):Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • kernel earlier than 0:2.6.18-348.3.1.el5 is currently running
  • OR kernel earlier than 0:2.6.18-348.3.1.el5 is set to boot up on next boot
  • AND
  • kernel is earlier than 0:2.6.18-348.3.1.el5
  • AND kernel is signed with Red Hat redhatrelease2 key
  • kernel-PAE is earlier than 0:2.6.18-348.3.1.el5
  • AND kernel-PAE is signed with Red Hat redhatrelease2 key
  • kernel-PAE-devel is earlier than 0:2.6.18-348.3.1.el5
  • AND kernel-PAE-devel is signed with Red Hat redhatrelease2 key
  • kernel-debug is earlier than 0:2.6.18-348.3.1.el5
  • AND kernel-debug is signed with Red Hat redhatrelease2 key
  • kernel-debug-devel is earlier than 0:2.6.18-348.3.1.el5
  • AND kernel-debug-devel is signed with Red Hat redhatrelease2 key
  • kernel-devel is earlier than 0:2.6.18-348.3.1.el5
  • AND kernel-devel is signed with Red Hat redhatrelease2 key
  • kernel-doc is earlier than 0:2.6.18-348.3.1.el5
  • AND kernel-doc is signed with Red Hat redhatrelease2 key
  • kernel-headers is earlier than 0:2.6.18-348.3.1.el5
  • AND kernel-headers is signed with Red Hat redhatrelease2 key
  • kernel-kdump is earlier than 0:2.6.18-348.3.1.el5
  • AND kernel-kdump is signed with Red Hat redhatrelease2 key
  • kernel-kdump-devel is earlier than 0:2.6.18-348.3.1.el5
  • AND kernel-kdump-devel is signed with Red Hat redhatrelease2 key
  • kernel-xen is earlier than 0:2.6.18-348.3.1.el5
  • AND kernel-xen is signed with Red Hat redhatrelease2 key
  • kernel-xen-devel is earlier than 0:2.6.18-348.3.1.el5
  • AND kernel-xen-devel is signed with Red Hat redhatrelease2 key
    • BACK