Erek Dyskant wrote:
> Howdy all,
> I compiled a set of kernel RPMs with the upstream kernel patch applied.
> Obviously they haven't gone through the full QA process, but I know of
> them running on approximately 50 servers without any reported issues.
>
> They're available at:
>
> http://erek.blumenthals.com/blog/2008/02/11/rhel-5-centos-5-kernel-rpms-patched-against-vmsplice-local-root-exploit/
>
> Let me know any experiences you have with them.
>
> Regards,
> Erek Dyskant
>
I would like to suggest, if you could, that you also make a patched 53.1.4
available (maybe put 53.1.4.cve20080600 as the release tag), since a lot
of people have to run 53.1.4 because of broken NFS in 53.1.6.

I suspect RHEL will have a patched kernel tomorrow. I looked at some
security sites that log response times, and it seems 24-48 hours is the
norm for RHEL with local root exploits.

However - I don't know if their update will fix the NFS issues that
cause people to want to keep using 53.1.4, and it would be too bad if
they didn't.

Maybe CentOS testing or centosplus would be a good place for a security
patched 53.1.4 kernel iff RHEL doesn't fix the NFS issue in their update?