kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2013:0630

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

• A flaw was found in the way the xen_iret() function in the Linux kernel
  used the DS (the CPU’s Data Segment) register. A local, unprivileged user
  in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to
  crash the guest or, potentially, escalate their privileges. (CVE-2013-0228,
  Important)

• A flaw was found in the way file permission checks for the
  “/dev/cpu/[x]/msr” files were performed in restricted root environments
  (for example, when using a capability-based security model). A local user
  with the ability to write to these files could use this flaw to escalate
  their privileges to kernel level, for example, by writing to the
  SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)

The CVE-2013-0228 issue was discovered by Andrew Jones of Red Hat.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-March/081808.html

Affected packages:
kernel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-firmware
kernel-headers
perf
python-perf

Upstream details at:
https://access.redhat.com/errata/RHSA-2013:0630