Re: Heads up on local root escalation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, May 12, 2014 at 11:23 AM, Keith Keller
<kkeller@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> On 2014-05-12, James Hogarth <james.hogarth@xxxxxxxxx> wrote:
>>
>> This does not affect el5 ... an el6 update is pending.
>>
>> https://access.redhat.com/security/cve/CVE-2014-0196
>
> Are there any mitigation steps we can take?  I've chased down some of
> the links looking for any, but haven't had success yet.

According to the upstream BZ 1094232, there is a patch from kernel.org:

https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=4291086b1f081b869c6d79e5b7441633dc3ace00

The file to patch in the RHEL/CentOS kernel seems to be drivers/char/n_tty.c

If the next kernel update does not have the fix, I can add it to the
centosplus kernel.

Akemi
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux