A race condition in ptrace can lead to kernel stack corruption and arbitrary kernel-mode code execution. A local unprivileged user could use this flaw to elevate his privileges.
References:
http://seclists.org/oss-sec/2013/q1/326
Upstream fixes:
910ffdb18a6408e14febbb6e4b6840fd2c928c82
9899d11f654474d2d54ea52ceaa2a1f4db3abd68
9067ac85d533651b98c2ff903182a20cbb361fcb
Created kernel tracking bugs for this issue.
Affects: fedora-all [bug 911942]
Statement: This issue did affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future updates may address this issue. Please note that while a public non-weaponized exploit exists, according to our testing the issue is very hard to hit.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0567 https://rhn.redhat.com/errata/RHSA-2013-0567.html
Is this issue going to be addressed in Red Hat Enterprise Linux 5, or is Comment 5 wrong about it being affected?
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2013:0622 https://rhn.redhat.com/errata/RHSA-2013-0622.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:0621 https://rhn.redhat.com/errata/RHSA-2013-0621.html
Hello,
(In reply to comment #17)
> Is this issue going to be addressed in Red Hat Enterprise Linux 5, or is
> Comment 5 wrong about it being affected?
today we released RHSA-2013:0621 (https://rhn.redhat.com/errata/RHSA-2013-0621.html) that fixes this issue in Red Hat Enterprise Linux 5.
Best regards,
--
Petr Matousek / Red Hat Security Response Team
This issue has been addressed in following products: Red Hat Enterprise Linux 6.3 EUS - Server Only Via RHSA-2013:0662 https://rhn.redhat.com/errata/RHSA-2013-0662.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6.1 EUS - Server Only Via RHSA-2013:0661 https://rhn.redhat.com/errata/RHSA-2013-0661.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5.6 EUS - Server Only Via RHSA-2013:0695 https://rhn.redhat.com/errata/RHSA-2013-0695.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6.2 EUS - Server Only Via RHSA-2013:0741 https://rhn.redhat.com/errata/RHSA-2013-0741.html