Re: unpatched local root on centos 5?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 08/13/2015 12:48 PM, Johnny Hughes wrote:
> On 08/13/2015 12:41 PM, Eero Volotinen wrote:
>> well, very sad to hear as I use commercial rhel 5 and paying for it..
>>
> 
> Well, in that case, I would recommend RHEL-6 or RHEL-7 for your RHEL-5
> workloads :)

AND, I would open a support ticket saying you are concerned with your
RHEL-5 security if you are using libuser on a RHEL-5 supported machine.


> 
>>
>> 2015-08-13 19:57 GMT+03:00 Johnny Hughes <johnny@xxxxxxxxxx>:
>>
>>> On 08/12/2015 10:43 PM, Eero Volotinen wrote:
>>>> Hi List,
>>>>
>>>> Looks like this affects on centos 5 and is unpatched like on rhel 5?
>>>>
>>>> https://access.redhat.com/articles/1537873
>>>>
>>>> Trying to test if this affects on centos 5. can someone compile this
>>>> exploit on centos 5?
>>>> https://www.qualys.com/research/security-advisories/roothelper.c
>>>>
>>>> any ideas how to compile it on centos 5?
>>>
>>> Red Hat says 2 things in that article:
>>>
>>> 1.  It impacts RHEL5 (so also CentOS5)
>>>
>>> 2. They are NOT fixing it, at least not now.
>>>
>>> This is NOT the FIRST security update where this has happened.
>>>
>>> I would recommend you upgrade to CentOS-6 or CentOS-7 for all workloads
>>> that you can.
>>>
>>> Thanks,
>>> Johnny Hughes
>>>
>>>
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS@xxxxxxxxxx
>>> http://lists.centos.org/mailman/listinfo/centos
>>>
>>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS@xxxxxxxxxx
>> http://lists.centos.org/mailman/listinfo/centos
>>
> 
> 
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
> 


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux