Re: Possible Kernel user escalation issue for CentOS-6.4




On Wed, 17 Jul 2013 01:14:50 -0500
Johnny Hughes <johnny@xxxxxxxxxx> wrote:

> On 07/02/2013 04:55 PM, Johnny Hughes wrote:
> > The following kernel has been built while waiting for upstream to
> > release a new kernel that addresses CVE-2013-2224:
> >
> > http://people.centos.org/hughesjr/c6kernel/2.6.32-358.11.1.el6.cve20132224/
> >
> > Please see this upstream bug for details:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=979936
> >
> > =========================
> >
> > Note:  This kernel has been minimally tested and is provided as is
> > for people who do not want to wait for the official kernel.  It is
> > the standard CentOS kernel with one added patch (
> > https://bugzilla.redhat.com/attachment.cgi?id=767364)
> >
> > This kernel needs to be tested for fitness by each user before being
> > placed in production.  It is a best effort to mitigate an issue
> > that can cause local user escalation to root while waiting for
> > upstream to fix and QA the official kernel.  Use at your own risk.
> >
> 
> There has been a new upstream kernel released
> (kernel-2.6.32-358.14.1.el6.src.rpm) and we have released a testing
> kernel that addresses this issue.  Same warnings and bugzilla links
> apply (this is a best effort, use at your own risk, yada yada yada !):
> 
> http://people.centos.org/hughesjr/c6kernel/2.6.32-358.14.1.el6.cve20132224/
> 
> Thanks,
> Johnny Hughes
> 

Thanks for these, Johnny, much appreciated. I was quite surprised to find
the fix was not in the .14.1 kernel update from upstream.

I guess upstream does not see this as "important" enough.

Regards, 
Jake Shipton (JakeMS)
GPG Key: 0xE3C31D8F
GPG Fingerprint: 7515 CC63 19BD 06F9 400A DE8A 1D0B A5CF E3C3 1D8F
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
