Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Johnny Hughes <johnny <at> centos.org>
Subject: CentOS-6 CVE-2013-2094 Kernel Issue
Newsgroups: gmane.linux.centos.announce
Date: Wednesday 15th May 2013 14:34:53 UTC (over 3 years ago)
There is a kernel security issue that allows unprivileged (normal) users
to gain root access on CentOS-6.4 x86_64 machines.  The upstream
bugzilla entry is here:

https://bugzilla.redhat.com/show_bug.cgi?id=962792

There is a *TESTING* kernel that should mitigate this issue available here:

http://people.centos.org/hughesjr/c6kernel/2.6.32-358.6.1.el6.cve20132094/

Signing Key:  http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-Testing-6

This kernel is the current CentOS-6.4 kernel with this one patch added
and recompiled:

https://patchwork.kernel.org/patch/2441281/

Note:  This is signed by the centos-6 test key and it is provided as a
best effort option to mitigate the above security issue while waiting
for an upstream solution.  It has been tested by our QA Team, but it is
*NOT* an official CentOS package and needs to be fully tested for
fitness by each user before used in production.

Please see this mailing list thread:

http://lists.centos.org/pipermail/centos/2013-May/134726.html

And/or this Forum thread:

http://www.centos.org/modules/newbb/viewtopic.php?topic_id=42827&forum=59

For more details.

Thanks,
Johnny Hughes
 
CD: 8ms