Submitted by admin on

WHAT'S HAPPENING?
A high-severity vulnerability in Linux kernels between versions 2.6.37 and 3.8.9 has been announced.  Exploit code is publicly available that allows an authenticated user to gain root access to the affected system.


WHO IS AFFECTED?
Users managing outland Linux systems running vulnerable kernels.  


WHAT DO YOU NEED TO DO?
TSO recommends the following actions:

Affected users should apply patches or other mitigating steps according to their distributions as soon as possible.  

Red Hat Enterprise Linux (RHEL) 6.1 and later are vulnerable.  Users with affected systems should refer to http://rhn.redhat.com/errata/RHSA-2013-0830.html for further details.

Debian Sid, Wheezy, and Jessie are vulnerable.  Users with affected systems should refer to http://security-tracker.debian.org/tracker/CVE-2013-2094 for further details.

Ubuntu 10.04 and later are vulnerable.  Users with affected systems should refer to http://bugs.launchpad.net/ubuntu/+source/linux/+bug/1179943 for further details.

Additional details are available at
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2094
and
http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/
and
http://www.h-online.com/open/news/item/Exploit-for-local-Linux-kernel-bug-in-circulation-Update-1863892.html


WHO SHOULD YOU CONTACT FOR QUESTIONS?
TSO Help Desk (CCB 148, 404.894.7065, helpdesk@cc.gatech.edu).