[CentOS] Possible Kernel user escalation issue for CentOS-6.4
Johnny Hughes
johnny at centos.org
Wed Jul 17 06:14:50 UTC 2013
On 07/02/2013 04:55 PM, Johnny Hughes wrote:
> The following kernel has been built while waiting for upstream to
> release a new kernel that addresses CVE-2013-2224:
>
> http://people.centos.org/hughesjr/c6kernel/2.6.32-358.11.1.el6.cve20132224/
>
> Please see this upstream bug for details:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=979936
>
> =========================
>
> Note: This kernel has been minimally tested and is provided as is for
> people who do not want to wait for the official kernel. It is the
> standard CentOS kernel with one added patch (
> https://bugzilla.redhat.com/attachment.cgi?id=767364)
>
> This kernel needs to be tested for fitness by each user before being
> placed in production. It is a best effort to mitigate an issue that can
> cause local user escalation to root while waiting for upstream to fix
> and QA the official kernel. Use at your own risk.
>
There has been a new upstream kernel released
(kernel-2.6.32-358.14.1.el6.src.rpm) and we have released a testing
kernel that addresses this issue. Same warnings and bugzilla links
apply (this is a best effort, use at your own risk, yada yada yada !):
http://people.centos.org/hughesjr/c6kernel/2.6.32-358.14.1.el6.cve20132224/
Thanks,
Johnny Hughes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130717/de3ea845/attachment.sig>
More information about the CentOS
mailing list