kernel, perf, python security update

2013-02-27T20:10:11
ID CESA-2013:0567
Type centos
Reporter CentOS Project
Modified 2013-03-09T00:45:17

Description

CentOS Errata and Security Advisory CESA-2013:0567

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

  • A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-0871, Important)

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2013-March/031663.html http://lists.centos.org/pipermail/centos-cr-announce/2013-February/007008.html

Affected packages: kernel kernel-debug kernel-debug-devel kernel-devel kernel-doc kernel-firmware kernel-headers perf python-perf

Upstream details at: https://rhn.redhat.com/errata/RHSA-2013-0567.html