
[QSA - 0220131] Linux kernel vulnerability

Qlustar Security Advisory 0220131

February 26, 2013

Summary:

The system could be made to run programs as an administrator.


Package(s)       : linux-image-ql-server, linux-image-ql-beowulf
Affected versions: All versions prior to this update
Vulnerability    : privilege escalation/denial of service
Problem type     : local
Qlustar-specific : no
CVE Id(s)        : CVE-2013-0231, CVE-2013-0871

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-0231

Jan Beulich provided a fix for an issue in the Xen PCI backend drivers. Users of guests on a system using passed-through PCI devices can cause a denial of service on the host system due to the use of non-ratelimited kernel log messages.

CVE-2013-0871

Suleiman Souhlal and Salman Qazi of Google, with help from Aaron Durbin and Michael Davidson of Google, discovered an issue in the ptrace subsystem. Due to a race condition with PTRACE_SETREGS, local users can cause kernel stack corruption and execution of arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

linux-image-ql-server                      2.6.32.60-ql-server-63
qlustar-module-core-precise-amd64-8.0.0    8.0.0-b412f795

After a standard system update, you need to reboot your head-node(s) and all nodes running an image based on qlustar-module-core-precise-amd64-8.0.0 for the changes to take effect.
