Important CentOS rtkit Update

Metadata

medium
4.6
rtkit-0.5-2.el6_4.i686.rpm, rtkit-0.5-2.el6_4.src.rpm, rtkit-0.5-2.el6_4.x86_64.rpm
CVE-2013-4326
rhn.redhat.com, lists.centos.org
2013-09-24
2017-07-27 19:06
CVE-2013-4326 rtkit
CVE-2013-4326
2017-04-01 19:07
2017-01-05 20:11

Description


An updated rtkit package that fixes one security issue is now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

RealtimeKit is a D-Bus system service that changes the scheduling policy of
user processes/threads to SCHED_RR (that is, realtime scheduling mode) on
request. It is intended to be used as a secure mechanism to allow real-time
scheduling to be used by normal user processes.

It was found that RealtimeKit communicated with PolicyKit for authorization
using a D-Bus API that is vulnerable to a race condition. This could have
led to intended PolicyKit authorizations being bypassed. This update
modifies RealtimeKit to communicate with PolicyKit via a different API that
is not vulnerable to the race condition. (CVE-2013-4326)

All rtkit users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is pending.

Affected package information

Release  Package  Patched in
6        rtkit    rtkit-0.5-2.el6_4.i686.rpm
6        rtkit    rtkit-0.5-2.el6_4.src.rpm
6        rtkit    rtkit-0.5-2.el6_4.x86_64.rpm
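
To apply the "Patched in" constraint above to a host, the installed rtkit version-release has to be compared with 0.5-2.el6_4 using rpm's segment-wise ordering rather than plain string comparison. The following is an added example, not code from the advisory or from Appcanary; the function names and sample values are assumptions, and rpm's `~` and `^` modifiers are not handled.

```python
import re

# Patched version-release, taken from the advisory's "Patched in" column.
PATCHED = "0.5-2.el6_4"
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Segment-wise compare in the style of rpm (no '~' or '^' handling)."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric segment beats alphabetic
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def split_evr(evr):
    """Split '[epoch:]version-release'; a missing or '(none)' epoch counts as 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return (int(epoch) if epoch.isdigit() else 0), version, release

def compare_evr(a, b):
    """Return -1, 0 or 1 for a older than, equal to, or newer than b."""
    (ea, va, ra), (eb, vb, rb) = split_evr(a), split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_patched(installed):
    """True when the installed rtkit is at or above the patched build."""
    return compare_evr(installed, PATCHED) >= 0

if __name__ == "__main__":
    # Constructed sample values, in the form printed by:
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' rtkit
    for sample in ["0.5-1.el6", "0.5-2.el6_4", "0.5-10.el6", "(none):0.5-2.el6_4"]:
        print(sample, "patched" if is_patched(sample) else "VULNERABLE: update rtkit")
```

The constructed `0.5-10.el6` sample shows why string comparison is unsafe here: it sorts before `0.5-2.el6_4` lexically but is newer under rpm ordering.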