rtkit-0.5-2.AXS4
エラータID: AXSA:2013-630:01
Release date:
Monday, September 30, 2013 - 18:07
Subject:
rtkit-0.5-2.AXS4
Affected Channels:
Asianux Server 4 for ppc
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR (i.e. realtime scheduling mode) on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes.
Security issues fixed with this release:
• CVE-2013-4326
No description available at the time of writing, please refer to the CVE link below.
Solution:
Update packages.
CVEs:
CVE-2013-4326
RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Additional Info:
N/A
Download:
SRPMS
- rtkit-0.5-2.AXS4.src.rpm
MD5: 2490e503c4221c4fc6002faabc166ba3
SHA-256: 84efffc00dcadd100a1262bce3049e9c9b9c947745afa6f777ee4a6d72e8c5e4
Size: 151.34 kB
Asianux Server 4 for x86
- rtkit-0.5-2.AXS4.i686.rpm
MD5: 1857abae7897742ea6f3d1193eebd1fe
SHA-256: 807e499d70ae69ad9bccc512fa9c903130bd8dca3b6788a762673b362509c47a
Size: 40.62 kB
Asianux Server 4 for x86_64
- rtkit-0.5-2.AXS4.x86_64.rpm
MD5: aaf2e031456cb25e9a3977e292a235f1
SHA-256: 3ff2c36a2e5375f7e71fbde4fb95bd4f1428f7dfcd68766d1f612da1ff263dad
Size: 40.15 kB