On Wed, 26 Oct 2016 06:30:45 -0500 Johnny Hughes <johnny at centos.org> wrote: > On 10/26/2016 05:56 AM, Peter Kjellström wrote: > > On Tue, 25 Oct 2016 17:21:54 -0700 > > Akemi Yagi <amyagi at gmail.com> wrote: > > > >> On Tue, Oct 25, 2016 at 10:26 AM, Leon Fauster > >> <leonfauster at googlemail.com> wrote: > >>> Am 25.10.2016 um 15:39 schrieb Peter Kjellström > >>> <cap at nsc.liu.se>: > >>>> On Tue, 25 Oct 2016 10:06:12 +0200 > >>>> Christian Anthon <anthon at rth.dk> wrote: > >>>> > >>>>> What is the best approach on centos 6 to mitigate the problem is > >>>>> officially patched? As far as I can tell Centos 6 is vulnerable > >>>>> to attacks using ptrace. > >>>> > >>>> I can confirm that c6 is vulnerable, we're running a patched > >>>> kernel (local build) using a rhel6 adaptation of the upstream > >>>> fix. > >>>> > >>>> Ask off-list if you want an src.rpm > >>> > >>> > >>> Hi Peter, can you confirm that its this? > >>> > >>> http://pastebin.centos.org/56391/ > >> > >> That is for the EL-7.2 kernel. Peter was offering a patch for > >> CentOS 6. > >> > >> RH released the patched kernel for EL-6.8 today. I have attached > >> the diff file between 2.6.32-642.6.1.el6 and 2.6.32-642.6.2.el6. > >> It is more complex because the 6 kernel is older, so required more > >> mods, I suppose. Maybe that was the reason why the EL-6 update > >> took longer than EL-7. > > > > We also did a quick diff for the official c6 patch and it's almost > > but not quite what we were using as a quick fix. > > > > /Peter > > The 6 kernel is released now .. Use that :) You misunderstood me. I was referring to the difference between the quick fix initially deployed by us and the now released fix. We're almost completely updated from quick fix to official fix by now. /Peter -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20161026/e0564ebc/attachment-0005.sig>