Index of /experimental/cve_2016_5195

Icon  Name                                             Last modified      Size  Description
[PARENTDIR] Parent Directory - [DIR] repodata/ 2016-10-23 00:54 - [   ] cve_2016_5195-0.3-1.centos6.src.rpm 2016-10-23 00:53 142K [   ] cve_2016_5195-0.3-1.el7.cern.x86_64.rpm 2016-10-21 16:26 39K [   ] cve_2016_5195-0.3-1.slc6.x86_64.rpm 2016-10-21 16:26 37K [   ] cve_2016_5195-0.3-1.centos6.x86_64.rpm 2016-10-23 00:53 34K [   ] cve_2016_5195-debuginfo-0.3-1.centos6.x86_64.rpm 2016-10-23 00:53 2.1K
Partial CVE-2016-5195 mitigations for the original exploit
----------------------------------------------------------

With thanks to Vincent Brillault @CERN!

This implements the partial mitigation as described in
  https://bugzilla.redhat.com/show_bug.cgi?id=1384344
packaged up to depend on systemtap-runtime only.
This contains the CentOS6 builds (2.6.32-642+ series) that were done
and minimally tested at Nikhef. 
And, yes, they WILL taint your kernel, as I cannot sign them with the CentOS
key for obvious reasons ;-)

Original work
-------------
For CentOS 7:
  http://linuxsoft.cern.ch/cern/centos/7/cern-testing/x86_64/Packages/cve_2016_5195-0.3-1.el7.cern.x86_64.rpm
For SLC6:
  http://linuxsoft.cern.ch/cern/slc6X/updates/testing/x86_64/RPMS/cve_2016_5195-0.3-1.slc6.x86_64.rpm
and 
  https://gitlab.cern.ch/ComputerSecurity/cve_2016_5195
for the original sources and details, as well as for the SLC6/CC7 builds.

Included modules
----------------
2_6_32_642_1_1_el6_x86_64_cve_2016_5195.ko
2_6_32_642_3_1_el6_x86_64_cve_2016_5195.ko
2_6_32_642_4_2_el6_x86_64_cve_2016_5195.ko
2_6_32_642_6_1_el6_x86_64_cve_2016_5195.ko

Check if it works
-----------------
The following should appear in the dmesg output (or your messages syslog):

cve_2016_5195: systemtap: 2.9/0.164, base: ffffffffa04b5000, memory: 95data/36text/80ctx/2058net/33alloc kb, probes: 4
CVE-2016-5195 mitigation loaded