
Stay Secure with the Latest Linux Advisories



Explore Latest Linux Security advisories


Red Hat: RHSA-2013:1282-01 Important: rtkit Race Condition

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rtkit security update
Advisory ID:       RHSA-2013:1282-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2013:1282.html
Issue date:        2013-09-24
CVE Names:         CVE-2013-4326
=====================================================================

1. Summary:

An updated rtkit package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR (that is, realtime scheduling mode) on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes.

It was found that RealtimeKit communicated with PolicyKit for authorization using a D-Bus API that is vulnerable to a race condition. This could have led to intended PolicyKit authorizations being bypassed. This update modifies RealtimeKit to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4326)

All rtkit users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1006677 - CVE-2013-4326 rtkit: insecure calling of polkit

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:

i386:
rtkit-0.5-2.el6_4.i686.rpm
rtkit-debuginfo-0.5-2.el6_4.i686.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
rtkit-0.5-2.el6_4.i686.rpm
rtkit-debuginfo-0.5-2.el6_4.i686.rpm

ppc64:
rtkit-0.5-2.el6_4.ppc64.rpm
rtkit-debuginfo-0.5-2.el6_4.ppc64.rpm

s390x:
rtkit-0.5-2.el6_4.s390x.rpm
rtkit-debuginfo-0.5-2.el6_4.s390x.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
rtkit-0.5-2.el6_4.i686.rpm
rtkit-debuginfo-0.5-2.el6_4.i686.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2013-4326
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2013 Red Hat, Inc.

--
Enterprise-watch-list mailing list

Crucial rtkit patch for Red Hat addresses security vulnerability classified as important. System upgrades suggested to enhance security.

Severity: Important.
LinuxSecurity.com Team

Sep 24, 2013 | Important | Red Hat

Scientific Linux SL6: SLSA-2013:1282-1 Important: rtkit Race Condition

Date: Tue, 24 Sep 2013 22:09:30 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Connie Sieh
Subject: Security ERRATA Important: rtkit on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis:       Important: rtkit security update
Advisory ID:    SLSA-2013:1282-1
Issue Date:     2013-09-24
CVE Numbers:    CVE-2013-4326
--

It was found that RealtimeKit communicated with PolicyKit for authorization using a D-Bus API that is vulnerable to a race condition. This could have led to intended PolicyKit authorizations being bypassed. This update modifies RealtimeKit to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4326)
--

SL6
  x86_64
    rtkit-0.5-2.el6_4.x86_64.rpm
    rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm
  i386
    rtkit-0.5-2.el6_4.i686.rpm
    rtkit-debuginfo-0.5-2.el6_4.i686.rpm

- Scientific Linux Development Team

Critical patch resolves synchronization flaws within RealtimeKit impacting Scientific Linux 6.

Severity: Important.
LinuxSecurity.com Team

Sep 24, 2013 | Important | Scientific Linux

Critical Update for Red Hat Enterprise Linux 6: RHSA-2013:1282-01 for rtkit

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rtkit security update
Advisory ID:       RHSA-2013:1282-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2013:1282.html
Issue date:        2013-09-24
CVE Names:         CVE-2013-4326
=====================================================================

1. Summary:

An updated rtkit package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR (that is, realtime scheduling mode) on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes.

It was found that RealtimeKit communicated with PolicyKit for authorization using a D-Bus API that is vulnerable to a race condition. This could have led to intended PolicyKit authorizations being bypassed. This update modifies RealtimeKit to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4326)

All rtkit users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1006677 - CVE-2013-4326 rtkit: insecure calling of polkit

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:

i386:
rtkit-0.5-2.el6_4.i686.rpm
rtkit-debuginfo-0.5-2.el6_4.i686.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
rtkit-0.5-2.el6_4.i686.rpm
rtkit-debuginfo-0.5-2.el6_4.i686.rpm

ppc64:
rtkit-0.5-2.el6_4.ppc64.rpm
rtkit-debuginfo-0.5-2.el6_4.ppc64.rpm

s390x:
rtkit-0.5-2.el6_4.s390x.rpm
rtkit-debuginfo-0.5-2.el6_4.s390x.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
rtkit-0.5-2.el6_4.i686.rpm
rtkit-debuginfo-0.5-2.el6_4.i686.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2013-4326
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2013 Red Hat, Inc.

Severity: Important.
LinuxSecurity.com Team

Sep 24, 2013 | Important | Red Hat

Ubuntu 13.04 USN-1959-1 Moderate: RealtimeKit Polkit Bypass

==========================================================================
Ubuntu Security Notice USN-1959-1
September 18, 2013

rtkit vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

RealtimeKit could be tricked into bypassing polkit authorizations.

Software Description:
- rtkit: Realtime Policy and Watchdog Daemon

Details:

It was discovered that RealtimeKit was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.04:
  rtkit 0.10-2ubuntu0.13.04.1

Ubuntu 12.10:
  rtkit 0.10-2ubuntu0.12.10.1

Ubuntu 12.04 LTS:
  rtkit 0.10-2ubuntu0.12.04.1

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1959-1
  CVE-2013-4326

Package Information:
  https://launchpad.net/ubuntu/+source/rtkit/0.10-2ubuntu0.13.04.1
  https://launchpad.net/ubuntu/+source/rtkit/0.10-2ubuntu0.12.10.1
  https://launchpad.net/ubuntu/+source/rtkit/0.10-2ubuntu0.12.04.1

Versions 13.04, 12.10, and 12.04 LTS of Ubuntu vulnerable due to RealtimeKit exploit. Ensure you update your system for security enhancements.

Severity: Important.
LinuxSecurity.com Team

Sep 18, 2013 | Important | Ubuntu