Red Hat has released a kernel security update for EL5 that will apply to SME8.1, it has been rated as Important.
Update will be available from upstream as appropriate.
For full notice:
https://rhn.redhat.com/errata/RHSA-2014-2008.html=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security update
Advisory ID: RHSA-2014:2008-01
Product: Red Hat Enterprise Linux
Advisory URL:
https://rhn.redhat.com/errata/RHSA-2014-2008.htmlIssue date: 2014-12-17
CVE Names: CVE-2014-9322
=====================================================================
1. Summary:
Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)
Red Hat would like to thank Andy Lutomirski for reporting this issue.
All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.