CentOSPlus kernels, kernel-plus-3.10.0-123.4.4.el7 or newer, have the Ceph option enabled. It was discovered that there is a security issue in Ceph [1]. A patch that fixes the issue is available from kernel.org [2] but cannot be applied to the RHEL/CentOS kernel as such.
We will have to disable Ceph in the next update to the plus kernel unless someone comes up with a fix for the current RHEL code. You can find more details in this CentOS bug report:
http://bugs.centos.org/view.php?id=7372
Please note that the distro kernels are not affected because Ceph is not enabled.
Akemi
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6416 [2] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c...
On 01/05/2015 08:55 PM, Akemi Yagi wrote:
We will have to disable Ceph in the next update to the plus kernel unless someone comes up with a fix for the current RHEL code. You can find more details in this CentOS bug report:
is there a need to disable the functionality and do an interim kernel update out of band from the distro one ? I am sure we can do that for the plus kernel.
regards,
On Fri, Jan 9, 2015 at 3:37 PM, Karanbir Singh mail-lists@karan.org wrote:
On 01/05/2015 08:55 PM, Akemi Yagi wrote:
We will have to disable Ceph in the next update to the plus kernel unless someone comes up with a fix for the current RHEL code. You can find more details in this CentOS bug report:
is there a need to disable the functionality and do an interim kernel update out of band from the distro one ? I am sure we can do that for the plus kernel.
Ceph source code adjusted for the EL7 kernel is available from https://github.com/ceph/ceph-client . It includes the security fix discussed here. I have built the plus kernel using this code and made it available from:
http://people.centos.org/toracat/kernel/7/plus/bug7372/
They are not signed and are provided solely for testing purposes. If no issue is reported, the patch will be included in the next official kernel update.
More details can be found in http://bugs.centos.org/view.php?id=7372 .
Akemi
-
Akemi Yagi -
Karanbir Singh