kernel, perf, python security update

2014-12-18T17:17:29
ID CESA-2014:2010
Type centos
Reporter CentOS Project
Modified 2014-12-18T17:17:29

Description

CentOS Errata and Security Advisory CESA-2014:2010

The kernel packages contain the Linux kernel, the core of any Linux operating system.

  • A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2014-December/032883.html

Affected packages: kernel kernel-abi-whitelists kernel-debug kernel-debug-devel kernel-devel kernel-doc kernel-headers kernel-tools kernel-tools-libs kernel-tools-libs-devel perf python-perf

Upstream details at: https://rhn.redhat.com/errata/RHSA-2014-2010.html