On Mon, 2008-02-11 at 10:45 -0800, Akemi Yagi wrote:
On Feb 11, 2008 8:19 AM, Scott McClanahan scott.mcclanahan@trnswrks.com wrote:
On Mon, 2008-02-11 at 04:52 -0800, Michael A. Peters wrote:
Valent Turkovic wrote:
I saw that there is a local root exploit in the wild. http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
And I see my centos box still has: 2.6.18-53.1.4.el5
yum says there are no updates... am I safe?
Valent.
The current kernel is 53.1.6.el5
If yum isn't seeing it - it probably needs to clean its cached headers.
try:
yum clean headers yum update kernel
However - the 53.1.6.el5 release also is vulnerable, so you may as well wait for the exploit to be fixed before updating. I'm guessing CentOS will do it fairly quickly after rhel does.
I understand that a known root exploit must be patched but I'm curious to know if we upgrade to the fixed kernel once released will it also include the degraded nfs performance discussed here:
We have to wait and see, but my impression is that the nfs fix would not be in the updated kernel (I hope I am wrong). They are talking about getting it into 5.2 (even possibly into 5.3). I can see that this is a problem. Now, we can not "stay with 53.1.4" on the systems where the local root exploit is a serious problem.
Akemi
Akemi
Yes, until now we had no problem stalling on 53.1.4. I guess we'll have to test how badly the nfs performance degradation actually is under a heavy load in our environment.