Security Advisory Important: rtkit security update

Advisory: RHSA-2013:1282-1
Type: Security Advisory
Severity: Important
Issued on: 2013-09-24
Last updated on: 2013-09-24
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.4)
Red Hat Enterprise Linux Server EUS (v. 6.4.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2013-4326

Details

An updated rtkit package that fixes one security issue is now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

RealtimeKit is a D-Bus system service that changes the scheduling policy of
user processes/threads to SCHED_RR (that is, realtime scheduling mode) on
request. It is intended to be used as a secure mechanism to allow real-time
scheduling to be used by normal user processes.

It was found that RealtimeKit communicated with PolicyKit for authorization
using a D-Bus API that is vulnerable to a race condition. This could have
led to intended PolicyKit authorizations being bypassed. This update
modifies RealtimeKit to communicate with PolicyKit via a different API that
is not vulnerable to the race condition. (CVE-2013-4326)

All rtkit users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
rtkit-0.5-2.el6_4.src.rpm

IA-32:
rtkit-0.5-2.el6_4.i686.rpm
rtkit-debuginfo-0.5-2.el6_4.i686.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
rtkit-0.5-2.el6_4.src.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6)

SRPMS:
rtkit-0.5-2.el6_4.src.rpm

IA-32:
rtkit-0.5-2.el6_4.i686.rpm
rtkit-debuginfo-0.5-2.el6_4.i686.rpm

PPC:
rtkit-0.5-2.el6_4.ppc64.rpm
rtkit-debuginfo-0.5-2.el6_4.ppc64.rpm

s390x:
rtkit-0.5-2.el6_4.s390x.rpm
rtkit-debuginfo-0.5-2.el6_4.s390x.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.4)

SRPMS:
rtkit-0.5-2.el6_4.src.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.4.z)

SRPMS:
rtkit-0.5-2.el6_4.src.rpm

IA-32:
rtkit-0.5-2.el6_4.i686.rpm
rtkit-debuginfo-0.5-2.el6_4.i686.rpm

PPC:
rtkit-0.5-2.el6_4.ppc64.rpm
rtkit-debuginfo-0.5-2.el6_4.ppc64.rpm

s390x:
rtkit-0.5-2.el6_4.s390x.rpm
rtkit-debuginfo-0.5-2.el6_4.s390x.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
rtkit-0.5-2.el6_4.src.rpm

IA-32:
rtkit-0.5-2.el6_4.i686.rpm
rtkit-debuginfo-0.5-2.el6_4.i686.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1006677 - CVE-2013-4326 rtkit: insecure calling of polkit


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/