Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Topic

Updated kernel-rt packages that fix one security issue are now available
for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

• A flaw was found in the way the Linux kernel handled GS segment register
  base switching when recovering from a #SS (stack segment) fault on an
  erroneous return to user space. A local, unprivileged user could use this
  flaw to escalate their privileges on the system. (CVE-2014-9322, Important)
  

Red Hat would like to thank Andy Lutomirski for reporting this issue.

Users are advised to upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.10.58-rt62.60 and correct this
issue. The system must be rebooted for this update to take effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

Affected Products

• MRG Realtime 2 x86_64

Fixes

• BZ - 1172806 - CVE-2014-9322 kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility

CVEs

• CVE-2014-9322

References

• https://access.redhat.com/security/updates/classification/#important

MRG Realtime 2

SRPM
kernel-rt-3.10.58-rt62.60.el6rt.src.rpm	SHA-256: 7f965e6f8a26fc4edb1219e66b435fdc495e840b8991e28f2e39462c9f8f5866
x86_64
kernel-rt-3.10.58-rt62.60.el6rt.x86_64.rpm	SHA-256: 3714c744db1cfec34b21929b3fb8206fe7e225124a0fc2b53f34da5b66ee5b65
kernel-rt-debug-3.10.58-rt62.60.el6rt.x86_64.rpm	SHA-256: 07c871f88184be9fd605efdaacf750827800bba2137566c96af81437d8c8625e
kernel-rt-debug-debuginfo-3.10.58-rt62.60.el6rt.x86_64.rpm	SHA-256: b9465b0796ed8818ab7aaf905fc350c4bc610240661ef0e44895204ce7221c31
kernel-rt-debug-devel-3.10.58-rt62.60.el6rt.x86_64.rpm	SHA-256: 6c6348af6336f05d324fb6007f021fcc156f1d67e85224030a0839071dfdcc2e
kernel-rt-debuginfo-3.10.58-rt62.60.el6rt.x86_64.rpm	SHA-256: 2b7278829f69da696a264602b2e49b8e183dccdeba0a5ff3c78ee9efe52d8184
kernel-rt-debuginfo-common-x86_64-3.10.58-rt62.60.el6rt.x86_64.rpm	SHA-256: 630eceae8eeaa918cbba25688ac871329b73e0ed5cf67418c5c217eccc93dd3e
kernel-rt-devel-3.10.58-rt62.60.el6rt.x86_64.rpm	SHA-256: 08ecbc1084ed541e3c78c19680afe0d5e3949d3f408b1cb19f4fd2617e2db396
kernel-rt-doc-3.10.58-rt62.60.el6rt.noarch.rpm	SHA-256: 76842518308a4adb3822362ce32aa3a797829c0a1cc245805529fd077ce1a113
kernel-rt-firmware-3.10.58-rt62.60.el6rt.noarch.rpm	SHA-256: 3e726ceebc47b5d15c6ca4b4d033fb5ae1815943061769b35af22bff1fb2979c
kernel-rt-trace-3.10.58-rt62.60.el6rt.x86_64.rpm	SHA-256: 42008ddd2e3200bd8bd26731c0787a7263a951977caa07428e698ac85616a819
kernel-rt-trace-debuginfo-3.10.58-rt62.60.el6rt.x86_64.rpm	SHA-256: b1c16cad92dd46e329ec2b5915e745abac14b2b7ee8574b64ae8598d375d453c
kernel-rt-trace-devel-3.10.58-rt62.60.el6rt.x86_64.rpm	SHA-256: 3b3db34ddb5d029e091723ddfd0c8bcec07caf0bca51f387473aa86a6daf3a69
kernel-rt-vanilla-3.10.58-rt62.60.el6rt.x86_64.rpm	SHA-256: e30cdb3b48d490a0f0d1ecb8ab30a91e64f071bfe70f6f6fef596d9f6c19e006
kernel-rt-vanilla-debuginfo-3.10.58-rt62.60.el6rt.x86_64.rpm	SHA-256: 25bea2af7aaa1fed6aff69dca9b349559734d88d01b94b022b217dffe0f9e24b
kernel-rt-vanilla-devel-3.10.58-rt62.60.el6rt.x86_64.rpm	SHA-256: c2b79eeebd1bcfe634fdeb7da7ce74a8a479e1693c14ac96ffe98cdb8e194429