Kernel Security and Bug Fix Update

We will be scheduling an important kernel security and bug fix update this weekend.

This would take place as far as possible during the off-peak hours. A reboot is required to complete the upgrade. The downtime should not exceed 30 minutes and it will be minimize as much as possible.

This update is scheduled as follows:

Date: 24 March 2013 (Sunday) to 31 March 2013 (Sunday)

Time: Between 2AM and 8AM EST#

Details of security fix update

* A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments (for example, when using a capability-based security model). A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)

* A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-0871,
Important)

Sunday, March 24, 2013

« Back

Kernel Security and Bug Fix Update

By Month

By Month

Support

Kernel Security and Bug Fix Update

By Month

By Month

Support

Generate Password