[CentOS] Heads up on local root escalation

Tue May 13 17:35:40 UTC 2014
Akemi Yagi <amyagi at gmail.com>

On Tue, May 13, 2014 at 2:05 AM, Leon Fauster
<leonfauster at googlemail.com> wrote:
> Am 12.05.2014 um 20:58 schrieb Akemi Yagi <amyagi at gmail.com>:
>> On Mon, May 12, 2014 at 11:23 AM, Keith Keller
>>> Are there any mitigation steps we can take?  I've chased down some of
>>> the links looking for any, but haven't had success yet.
>>
>> According to the upstream BZ 1094232, there is a patch from kernel.org:
>>
>> https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=4291086b1f081b869c6d79e5b7441633dc3ace00
>>
>> The file to patch in the RHEL/CentOS kernel seems to be drivers/char/n_tty.c
>>
>> If the next kernel update does not have the fix, I can add it to the
>> centosplus kernel.
>
>
> Hi Akemi,
>
> this would be great - can we push this out? Upstream is delayed (for such vuln).

It would help if you file an RFE at http://bugs.centos.org under the
category "CentOS-6-Plus".

Akemi