[CentOS] Possible Kernel user escalation issue for CentOS-6.4

Johnny Hughes

johnny at centos.org
Tue Jul 2 21:55:19 UTC 2013


The following kernel has been built while waiting for upstream to
release a new kernel that addresses CVE-2013-2224:

http://people.centos.org/hughesjr/c6kernel/2.6.32-358.11.1.el6.cve20132224/

Please see this upstream bug for details:

https://bugzilla.redhat.com/show_bug.cgi?id=979936

=========================

Note:  This kernel has been minimally tested and is provided as is for
people who do not want to wait for the official kernel.  It is the
standard CentOS kernel with one added patch (
https://bugzilla.redhat.com/attachment.cgi?id=767364)

This kernel needs to be tested for fitness by each user before being
placed in production.  It is a best effort to mitigate an issue that can
cause local user escalation to root while waiting for upstream to fix
and QA the official kernel.  Use at your own risk.

Thanks,
Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130702/fe3b60ec/attachment.sig>


More information about the CentOS mailing list