Are there any 64bit CentOS5 kernels available that are immune against the exploit mentioned in the subject? Turning off 32bit support is no option to me.. Gerhard Schneider P.S.: Source code can be found at http://seclists.org/fulldisclosure/2010/Sep/268 and is working "well" on 2.6.18-194.11.3.el5.centos.plus -- Gerhard Schneider Institute of Lightweight Design and e-Mail: gs at ilsb.tuwien.ac.at Structural Biomechanics (E317) Tel.: +43 664 60 588 3171 Vienna University of Technology / Austria Fax: +43 1 58801 31799 A-1040 Wien, Gusshausstrasse 27-29 http://www.ilsb.tuwien.ac.at/~gs/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 253 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20100918/41e3fd92/attachment.sig>
On 18/09/10 20:11, Gerhard Schneider wrote:> > Are there any 64bit CentOS5 kernels available that are immune against > the exploit mentioned in the subject? Turning off 32bit support is no > option to me.. > > Gerhard Schneider > > P.S.: Source code can be found at > http://seclists.org/fulldisclosure/2010/Sep/268 and is working "well" on > 2.6.18-194.11.3.el5.centos.plus > >Not at present AFAIK. Red Hat are currently working on backporting a fix. You can track progress here: https://bugzilla.redhat.com/show_bug.cgi?id=634457 https://access.redhat.com/kb/docs/DOC-40265 Given CentOS tracks what Red Hat releases, there's not much CentOS can do until Red Hat release a fix and Red Hat are unlikely to rush a fix out of the door before it's been thoroughly tested.
Am 18.09.2010 21:11, schrieb Gerhard Schneider:> > Are there any 64bit CentOS5 kernels available that are immune against > the exploit mentioned in the subject? Turning off 32bit support is no > option to me.. > > Gerhard Schneider > > P.S.: Source code can be found at > http://seclists.org/fulldisclosure/2010/Sep/268 and is working "well" on > 2.6.18-194.11.3.el5.centos.plus >from Scientific Linux http://linux.web.cern.ch/linux/news.shtml#cve20103081 you can get a patched kernel from http://linuxsoft.cern.ch/cern/slc5X/x86_64/updates/testing/RPMS can be installed on CentOS and fixes the problem.