Updated kernel-rt packages that fix one security issue are now availablefor Red Hat Enterprise MRG 2.5.Red Hat Product Security has rated this update as having Important securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.

The kernel-rt packages contain the Linux kernel, the core of any Linuxoperating system.* A flaw was found in the way the Linux kernel handled GS segment registerbase switching when recovering from a #SS (stack segment) fault on anerroneous return to user space. A local, unprivileged user could use thisflaw to escalate their privileges on the system. (CVE-2014-9322, Important)Red Hat would like to thank Andy Lutomirski for reporting this issue.Users are advised to upgrade to these updated packages, which upgrade thekernel-rt kernel to version kernel-rt-3.10.58-rt62.60 and correct thisissue. The system must be rebooted for this update to take effect.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.This update is available via the Red Hat Network. Details on how to use theRed Hat Network to apply this update are available athttps://access.redhat.com/articles/11258To install kernel packages manually, use “rpm -ivh [package]”. Do not use”rpm -Uvh” as that will remove the running kernel binaries from yoursystem. You may use “rpm -e” to remove old kernels after determining thatthe new kernel functions properly on your system.Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

SRPMS:
kernel-rt-3.10.58-rt62.60.el6rt.src.rpm
    MD5: 0a856d35f032d4b8d47e25360c48d333SHA-256: 7f965e6f8a26fc4edb1219e66b435fdc495e840b8991e28f2e39462c9f8f5866
 
x86_64:
kernel-rt-3.10.58-rt62.60.el6rt.x86_64.rpm
    MD5: 2961ce441bb409141a39de4316f18f52SHA-256: 3714c744db1cfec34b21929b3fb8206fe7e225124a0fc2b53f34da5b66ee5b65
kernel-rt-debug-3.10.58-rt62.60.el6rt.x86_64.rpm
    MD5: cbd73e8618e10631d196fb73f9bcde97SHA-256: 07c871f88184be9fd605efdaacf750827800bba2137566c96af81437d8c8625e
kernel-rt-debug-debuginfo-3.10.58-rt62.60.el6rt.x86_64.rpm
    MD5: ec9445e7cba807149061b973c93bd26fSHA-256: b9465b0796ed8818ab7aaf905fc350c4bc610240661ef0e44895204ce7221c31
kernel-rt-debug-devel-3.10.58-rt62.60.el6rt.x86_64.rpm
    MD5: 9c9e05465af44281adf8b5929ed791dbSHA-256: 6c6348af6336f05d324fb6007f021fcc156f1d67e85224030a0839071dfdcc2e
kernel-rt-debuginfo-3.10.58-rt62.60.el6rt.x86_64.rpm
    MD5: c3576a95690546d8ecac00d3e40961f0SHA-256: 2b7278829f69da696a264602b2e49b8e183dccdeba0a5ff3c78ee9efe52d8184
kernel-rt-debuginfo-common-x86_64-3.10.58-rt62.60.el6rt.x86_64.rpm
    MD5: 7023bfaa9f6de5b8fa1b0e602172a0deSHA-256: 630eceae8eeaa918cbba25688ac871329b73e0ed5cf67418c5c217eccc93dd3e
kernel-rt-devel-3.10.58-rt62.60.el6rt.x86_64.rpm
    MD5: ebaa917292a22d026cc8179ba9b37e80SHA-256: 08ecbc1084ed541e3c78c19680afe0d5e3949d3f408b1cb19f4fd2617e2db396
kernel-rt-doc-3.10.58-rt62.60.el6rt.noarch.rpm
    MD5: a625811de325842fb1cea97bc72de465SHA-256: 76842518308a4adb3822362ce32aa3a797829c0a1cc245805529fd077ce1a113
kernel-rt-firmware-3.10.58-rt62.60.el6rt.noarch.rpm
    MD5: 83fb2ce23a3e41974443c785090dd652SHA-256: 3e726ceebc47b5d15c6ca4b4d033fb5ae1815943061769b35af22bff1fb2979c
kernel-rt-trace-3.10.58-rt62.60.el6rt.x86_64.rpm
    MD5: a0158ef7cb63106bafaa3533d3e07ac7SHA-256: 42008ddd2e3200bd8bd26731c0787a7263a951977caa07428e698ac85616a819
kernel-rt-trace-debuginfo-3.10.58-rt62.60.el6rt.x86_64.rpm
    MD5: d969d84bc74bee79d17e87d38d123a58SHA-256: b1c16cad92dd46e329ec2b5915e745abac14b2b7ee8574b64ae8598d375d453c
kernel-rt-trace-devel-3.10.58-rt62.60.el6rt.x86_64.rpm
    MD5: 16b7c97e71267a21897a9ee81bbad50aSHA-256: 3b3db34ddb5d029e091723ddfd0c8bcec07caf0bca51f387473aa86a6daf3a69
kernel-rt-vanilla-3.10.58-rt62.60.el6rt.x86_64.rpm
    MD5: 5351f31d63ab82308c0afa59e93a9c56SHA-256: e30cdb3b48d490a0f0d1ecb8ab30a91e64f071bfe70f6f6fef596d9f6c19e006
kernel-rt-vanilla-debuginfo-3.10.58-rt62.60.el6rt.x86_64.rpm
    MD5: d6b6dc2f58fbf4264170d4dbef557939SHA-256: 25bea2af7aaa1fed6aff69dca9b349559734d88d01b94b022b217dffe0f9e24b
kernel-rt-vanilla-devel-3.10.58-rt62.60.el6rt.x86_64.rpm
    MD5: 81847d70b0822dd7f242f902bb137653SHA-256: c2b79eeebd1bcfe634fdeb7da7ce74a8a479e1693c14ac96ffe98cdb8e194429
 
(The unlinked packages above are only available from the Red Hat Network)
1172806 – CVE-2014-9322 kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply