[CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw

Wed Oct 26 16:53:17 UTC 2016
Peter Kjellström <cap at nsc.liu.se>

On Wed, 26 Oct 2016 06:30:45 -0500
Johnny Hughes <johnny at centos.org> wrote:

> On 10/26/2016 05:56 AM, Peter Kjellström wrote:
> > On Tue, 25 Oct 2016 17:21:54 -0700
> > Akemi Yagi <amyagi at gmail.com> wrote:
> >   
> >> On Tue, Oct 25, 2016 at 10:26 AM, Leon Fauster
> >> <leonfauster at googlemail.com> wrote:  
> >>> Am 25.10.2016 um 15:39 schrieb Peter Kjellström
> >>> <cap at nsc.liu.se>:    
> >>>> On Tue, 25 Oct 2016 10:06:12 +0200
> >>>> Christian Anthon <anthon at rth.dk> wrote:
> >>>>    
> >>>>> What is the best approach on centos 6 to mitigate the problem is
> >>>>> officially patched? As far as I can tell Centos 6 is vulnerable
> >>>>> to attacks using ptrace.    
> >>>>
> >>>> I can confirm that c6 is vulnerable, we're running a patched
> >>>> kernel (local build) using a rhel6 adaptation of the upstream
> >>>> fix.
> >>>>
> >>>> Ask off-list if you want an src.rpm    
> >>>
> >>>
> >>> Hi Peter, can you confirm that its this?
> >>>
> >>> http://pastebin.centos.org/56391/    
> >>
> >> That is for the EL-7.2 kernel. Peter was offering a patch for
> >> CentOS 6.
> >>
> >> RH released the patched kernel for EL-6.8 today. I have attached
> >> the diff file between 2.6.32-642.6.1.el6 and 2.6.32-642.6.2.el6.
> >> It is more complex because the 6 kernel is older, so required more
> >> mods, I suppose. Maybe that was the reason why the EL-6 update
> >> took longer than EL-7.  
> > 
> > We also did a quick diff for the official c6 patch and it's almost
> > but not quite what we were using as a quick fix.
> > 
> > /Peter  
> 
> The 6 kernel is released now  ..  Use that :)

You misunderstood me. I was referring to the difference between the
quick fix initially deployed by us and the now released fix. We're
almost completely updated from quick fix to official fix by now.

/Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20161026/e0564ebc/attachment-0005.sig>