There is a kernel security issue that allows unprivileged (normal) users to gain root access on CentOS-6.4 x86_64 machines. The upstream bugzilla entry is here: https://bugzilla.redhat.com/show_bug.cgi?id=962792 There is a *TESTING* kernel that should mitigate this issue available here: http://people.centos.org/hughesjr/c6kernel/2.6.32-358.6.1.el6.cve20132094/ Signing Key: http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-Testing-6 This kernel is the current CentOS-6.4 kernel with this one patch added and recompiled: https://patchwork.kernel.org/patch/2441281/ Note: This is signed by the centos-6 test key and it is provided as a best effort option to mitigate the above security issue while waiting for an upstream solution. It has been tested by our QA Team, but it is *NOT* an official CentOS package and needs to be fully tested for fitness by each user before used in production. Please see this mailing list thread: http://lists.centos.org/pipermail/centos/2013-May/134726.html And/or this Forum thread: http://www.centos.org/modules/newbb/viewtopic.php?topic_id=42827&forum=59 For more details. Thanks, Johnny Hughes
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS-announce mailing list CentOS-announce@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos-announce
