On 10/26/2016 05:56 AM, Peter Kjellström wrote: > On Tue, 25 Oct 2016 17:21:54 -0700 > Akemi Yagi <amyagi at gmail.com> wrote: > >> On Tue, Oct 25, 2016 at 10:26 AM, Leon Fauster >> <leonfauster at googlemail.com> wrote: >>> Am 25.10.2016 um 15:39 schrieb Peter Kjellström <cap at nsc.liu.se>: >>>> On Tue, 25 Oct 2016 10:06:12 +0200 >>>> Christian Anthon <anthon at rth.dk> wrote: >>>> >>>>> What is the best approach on centos 6 to mitigate the problem is >>>>> officially patched? As far as I can tell Centos 6 is vulnerable to >>>>> attacks using ptrace. >>>> >>>> I can confirm that c6 is vulnerable, we're running a patched kernel >>>> (local build) using a rhel6 adaptation of the upstream fix. >>>> >>>> Ask off-list if you want an src.rpm >>> >>> >>> Hi Peter, can you confirm that its this? >>> >>> http://pastebin.centos.org/56391/ >> >> That is for the EL-7.2 kernel. Peter was offering a patch for CentOS >> 6. >> >> RH released the patched kernel for EL-6.8 today. I have attached the >> diff file between 2.6.32-642.6.1.el6 and 2.6.32-642.6.2.el6. It is >> more complex because the 6 kernel is older, so required more mods, I >> suppose. Maybe that was the reason why the EL-6 update took longer >> than EL-7. > > We also did a quick diff for the official c6 patch and it's almost but > not quite what we were using as a quick fix. > > /Peter The 6 kernel is released now .. Use that :) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20161026/740a6637/attachment-0004.sig>