Send CentOS-announce mailing list submissions to centos-announce@centos.org
To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request@centos.org
You can reach the person managing the list at centos-announce-owner@centos.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..."
Today's Topics:
1. CentOS-6 CVE-2013-2094 Kernel Issue (Johnny Hughes) 2. CESA-2013:0827 Important CentOS 5 openswan Update (Johnny Hughes) 3. CESA-2013:0827 Important CentOS 6 openswan Update (Johnny Hughes)
----------------------------------------------------------------------
Message: 1 Date: Wed, 15 May 2013 09:34:53 -0500 From: Johnny Hughes johnny@centos.org Subject: [CentOS-announce] CentOS-6 CVE-2013-2094 Kernel Issue To: CentOS-Announce centos-announce@centos.org Message-ID: 51939D0D.3000309@centos.org Content-Type: text/plain; charset="iso-8859-1"
There is a kernel security issue that allows unprivileged (normal) users to gain root access on CentOS-6.4 x86_64 machines. The upstream bugzilla entry is here:
https://bugzilla.redhat.com/show_bug.cgi?id=962792
There is a *TESTING* kernel that should mitigate this issue available here:
http://people.centos.org/hughesjr/c6kernel/2.6.32-358.6.1.el6.cve20132094/
Signing Key: http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-Testing-6
This kernel is the current CentOS-6.4 kernel with this one patch added and recompiled:
https://patchwork.kernel.org/patch/2441281/
Note: This is signed by the centos-6 test key and it is provided as a best effort option to mitigate the above security issue while waiting for an upstream solution. It has been tested by our QA Team, but it is *NOT* an official CentOS package and needs to be fully tested for fitness by each user before used in production.
Please see this mailing list thread:
http://lists.centos.org/pipermail/centos/2013-May/134726.html
And/or this Forum thread:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=42827&forum=5...
For more details.
Thanks, Johnny Hughes