[CentOS-devel] CentOSPlus kernels for C7 that have Ceph enabled may have a security issue

Mon Jan 12 21:38:21 UTC 2015
Akemi Yagi <amyagi at gmail.com>

On Fri, Jan 9, 2015 at 3:37 PM, Karanbir Singh <mail-lists at karan.org> wrote:
> On 01/05/2015 08:55 PM, Akemi Yagi wrote:
>> We will have to disable Ceph in the next update to the plus kernel
>> unless someone comes up with a fix for the current RHEL code. You can
>> find more details in this CentOS bug report:
>
> is there a need to disable the functionality and do an interim kernel
> update out of band from the distro one ? I am sure we can do that for
> the plus kernel.

Ceph source code adjusted for the EL7 kernel is available from
https://github.com/ceph/ceph-client . It includes the security fix
discussed here.  I have built the plus kernel using this code and made
it available from:

http://people.centos.org/toracat/kernel/7/plus/bug7372/

They are not signed and are provided solely for testing purposes. If
no issue is reported, the patch will be included in the next official
kernel update.

More details can be found in http://bugs.centos.org/view.php?id=7372 .

Akemi