Index of /experimental/cve_2016_5195
 Name                                             Last modified      Size  Description
 Name                                             Last modified      Size  Description
![[PARENTDIR]](/icons/back.gif) Parent Directory                                                      -
 Parent Directory                                                      -   
![[DIR]](/icons/folder.gif) repodata/                                        2016-10-23 00:54    -
 repodata/                                        2016-10-23 00:54    -   
![[   ]](/icons/unknown.gif) cve_2016_5195-0.3-1.centos6.src.rpm              2016-10-23 00:53  142K
 cve_2016_5195-0.3-1.centos6.src.rpm              2016-10-23 00:53  142K  
![[   ]](/icons/unknown.gif) cve_2016_5195-0.3-1.centos6.x86_64.rpm           2016-10-23 00:53   34K
 cve_2016_5195-0.3-1.centos6.x86_64.rpm           2016-10-23 00:53   34K  
![[   ]](/icons/unknown.gif) cve_2016_5195-0.3-1.el7.cern.x86_64.rpm          2016-10-21 16:26   39K
 cve_2016_5195-0.3-1.el7.cern.x86_64.rpm          2016-10-21 16:26   39K  
![[   ]](/icons/unknown.gif) cve_2016_5195-0.3-1.slc6.x86_64.rpm              2016-10-21 16:26   37K
 cve_2016_5195-0.3-1.slc6.x86_64.rpm              2016-10-21 16:26   37K  
![[   ]](/icons/unknown.gif) cve_2016_5195-debuginfo-0.3-1.centos6.x86_64.rpm 2016-10-23 00:53  2.1K
 cve_2016_5195-debuginfo-0.3-1.centos6.x86_64.rpm 2016-10-23 00:53  2.1K  
Partial CVE-2016-5195 mitigations for the original exploit
----------------------------------------------------------
With thanks to Vincent Brillault @CERN!
This implements the partial mitigation as described in
  https://bugzilla.redhat.com/show_bug.cgi?id=1384344
packaged up to depend on systemtap-runtime only.
This contains the CentOS6 builds (2.6.32-642+ series) that were done
and minimally tested at Nikhef. 
And, yes, they WILL taint your kernel, as I cannot sign them with the CentOS
key for obvious reasons ;-)
Original work
-------------
For CentOS 7:
  http://linuxsoft.cern.ch/cern/centos/7/cern-testing/x86_64/Packages/cve_2016_5195-0.3-1.el7.cern.x86_64.rpm
For SLC6:
  http://linuxsoft.cern.ch/cern/slc6X/updates/testing/x86_64/RPMS/cve_2016_5195-0.3-1.slc6.x86_64.rpm
and 
  https://gitlab.cern.ch/ComputerSecurity/cve_2016_5195
for the original sources and details, as well as for the SLC6/CC7 builds.
Included modules
----------------
2_6_32_642_1_1_el6_x86_64_cve_2016_5195.ko
2_6_32_642_3_1_el6_x86_64_cve_2016_5195.ko
2_6_32_642_4_2_el6_x86_64_cve_2016_5195.ko
2_6_32_642_6_1_el6_x86_64_cve_2016_5195.ko
Check if it works
-----------------
The following should appear in the dmesg output (or your messages syslog):
cve_2016_5195: systemtap: 2.9/0.164, base: ffffffffa04b5000, memory: 95data/36text/80ctx/2058net/33alloc kb, probes: 4
CVE-2016-5195 mitigation loaded