On 07/02/2013 04:55 PM, Johnny Hughes wrote:
The following kernel has been built while waiting for upstream to release a new kernel that addresses CVE-2013-2224:
http://people.centos.org/hughesjr/c6kernel/2.6.32-358.11.1.el6.cve20132224/
Please see this upstream bug for details:
https://bugzilla.redhat.com/show_bug.cgi?id=979936
=========================
Note: This kernel has been minimally tested and is provided as is for people who do not want to wait for the official kernel. It is the standard CentOS kernel with one added patch (https://bugzilla.redhat.com/attachment.cgi?id=767364).
This kernel needs to be tested for fitness by each user before being placed in production. It is a best effort to mitigate an issue that can cause local user escalation to root while waiting for upstream to fix and QA the official kernel. Use at your own risk.
There has been a new upstream kernel released (kernel-2.6.32-358.14.1.el6.src.rpm) and we have released a testing kernel that addresses this issue. Same warnings and bugzilla links apply (this is a best effort, use at your own risk, yada yada yada!):
http://people.centos.org/hughesjr/c6kernel/2.6.32-358.14.1.el6.cve20132224/
Thanks, Johnny Hughes