The following kernel has been built while waiting for upstream to release a new kernel that addresses CVE-2013-2224:
http://people.centos.org/hughesjr/c6kernel/2.6.32-358.11.1.el6.cve20132224/
Please see this upstream bug for details:
https://bugzilla.redhat.com/show_bug.cgi?id=979936
=========================
Note: This kernel has been minimally tested and is provided as is for people who do not want to wait for the official kernel. It is the standard CentOS kernel with one added patch (https://bugzilla.redhat.com/attachment.cgi?id=767364).
This kernel needs to be tested for fitness by each user before being placed in production. It is a best effort to mitigate an issue that can cause local user escalation to root while waiting for upstream to fix and QA the official kernel. Use at your own risk.
Thanks, Johnny Hughes
On 07/02/2013 04:55 PM, Johnny Hughes wrote:
> The following kernel has been built while waiting for upstream to release a new kernel that addresses CVE-2013-2224:
> http://people.centos.org/hughesjr/c6kernel/2.6.32-358.11.1.el6.cve20132224/
> Please see this upstream bug for details:
> https://bugzilla.redhat.com/show_bug.cgi?id=979936
> =========================
> Note: This kernel has been minimally tested and is provided as is for people who do not want to wait for the official kernel. It is the standard CentOS kernel with one added patch (https://bugzilla.redhat.com/attachment.cgi?id=767364).
> This kernel needs to be tested for fitness by each user before being placed in production. It is a best effort to mitigate an issue that can cause local user escalation to root while waiting for upstream to fix and QA the official kernel. Use at your own risk.
There has been a new upstream kernel released (kernel-2.6.32-358.14.1.el6.src.rpm) and we have released a testing kernel that addresses this issue. Same warnings and Bugzilla links apply (this is a best effort, use at your own risk, yada yada yada!):
http://people.centos.org/hughesjr/c6kernel/2.6.32-358.14.1.el6.cve20132224/
Thanks, Johnny Hughes
On Wed, 17 Jul 2013 01:14:50 -0500 Johnny Hughes <johnny@centos.org> wrote:
> On 07/02/2013 04:55 PM, Johnny Hughes wrote:
> > The following kernel has been built while waiting for upstream to release a new kernel that addresses CVE-2013-2224:
> > http://people.centos.org/hughesjr/c6kernel/2.6.32-358.11.1.el6.cve20132224/
> > Please see this upstream bug for details:
> > https://bugzilla.redhat.com/show_bug.cgi?id=979936
> > =========================
> > Note: This kernel has been minimally tested and is provided as is for people who do not want to wait for the official kernel. It is the standard CentOS kernel with one added patch (https://bugzilla.redhat.com/attachment.cgi?id=767364).
> > This kernel needs to be tested for fitness by each user before being placed in production. It is a best effort to mitigate an issue that can cause local user escalation to root while waiting for upstream to fix and QA the official kernel. Use at your own risk.
> There has been a new upstream kernel released (kernel-2.6.32-358.14.1.el6.src.rpm) and we have released a testing kernel that addresses this issue. Same warnings and Bugzilla links apply (this is a best effort, use at your own risk, yada yada yada!):
> http://people.centos.org/hughesjr/c6kernel/2.6.32-358.14.1.el6.cve20132224/
> Thanks, Johnny Hughes
Thanks for these, Johnny, much appreciated. I was quite surprised to find the fix was not in the .14.1 kernel update from upstream.
I guess upstream does not see this as "important" enough.
Regards, Jake Shipton (JakeMS) GPG Key: 0xE3C31D8F GPG Fingerprint: 7515 CC63 19BD 06F9 400A DE8A 1D0B A5CF E3C3 1D8F