Re: CVE-2016-5195 ?DirtyCOW?: Critical Linux Kernel Flaw

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Am 23.10.2016 um 03:31 schrieb Zube <Zube@xxxxxxxxxxxxxxxxxx>:
> On Sat Oct 22 08:20:24 PM, Valeri Galtsev wrote:
> 
>> I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1384344
> 
> Comment #35 points to a link that doesn't depend on /proc/self/mem and
> claims to work on CentOS 6 and 5.  I'm not quite sure what I should
> be looking for when I run the program, though.


Its explained it the first line.


> I do hope Redhat releases patches soon.


What's quite confusing, is Redhat's security rating: "only important" 
and not critical. I see how security ratings are applied 

  "Flaws that require an authenticated remote user, a local user, or an 
  unlikely configuration are not classed as Critical impact." [1]

but such a bug should be weighted discretely.


[1] https://access.redhat.com/security/updates/classification/

--
LF


 
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux