[CentOS] Possible Kernel user escalation issue for CentOS-6.4

Wed Jul 17 06:14:50 UTC 2013
Johnny Hughes <johnny at centos.org>

On 07/02/2013 04:55 PM, Johnny Hughes wrote:
> The following kernel has been built while waiting for upstream to
> release a new kernel that addresses CVE-2013-2224:
>
> http://people.centos.org/hughesjr/c6kernel/2.6.32-358.11.1.el6.cve20132224/
>
> Please see this upstream bug for details:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=979936
>
> =========================
>
> Note:  This kernel has been minimally tested and is provided as is for
> people who do not want to wait for the official kernel.  It is the
> standard CentOS kernel with one added patch (
> https://bugzilla.redhat.com/attachment.cgi?id=767364)
>
> This kernel needs to be tested for fitness by each user before being
> placed in production.  It is a best effort to mitigate an issue that can
> cause local user escalation to root while waiting for upstream to fix
> and QA the official kernel.  Use at your own risk.
>

There has been a new upstream kernel released
(kernel-2.6.32-358.14.1.el6.src.rpm) and we have released a testing
kernel that addresses this issue.  Same warnings and bugzilla links
apply (this is a best effort, use at your own risk, yada yada yada!):

http://people.centos.org/hughesjr/c6kernel/2.6.32-358.14.1.el6.cve20132224/

Thanks,
Johnny Hughes
