BAS/XBAS
PrKB12087 : Security problem reported in kernel allows local root exploit.
As one or several exploit programs have been published on the web it's highly recommended to fix locally this security flow on your cluster nodes. Meanwhile a new kernel will be built with appropriate fixes and added to the next errata CD.
You can learn more about this security flow in the following article in LWN: http://lwn.net/Articles/347006/
In order to prevent the published exploit from working the following must be done on all of the cluster nodes:
Add the following entries in the /etc/modprobe.conf file:
-8<--
install pppox /bin/true
install bluetooth /bin/true
install appletalk /bin/true
install ipx /bin/true
install sctp /bin/true
-8<--
This update does not need to restart the nodes.
In the same time Red Hat have released a set of steps to mitigate the exploit, have a look at https://bugzilla.redhat.com/show_bug.cgi?id=516949 to know more.
For any requests regarding this security flow feel free to contact me.
Regards.
FAQ Article