Am 23.10.2016 um 03:31 schrieb Zube Zube@stat.colostate.edu:
On Sat Oct 22 08:20:24 PM, Valeri Galtsev wrote:
I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable.
https://bugzilla.redhat.com/show_bug.cgi?id=1384344
Comment #35 points to a link that doesn't depend on /proc/self/mem and claims to work on CentOS 6 and 5. I'm not quite sure what I should be looking for when I run the program, though.
Its explained it the first line.
I do hope Redhat releases patches soon.
What's quite confusing, is Redhat's security rating: "only important" and not critical. I see how security ratings are applied
"Flaws that require an authenticated remote user, a local user, or an unlikely configuration are not classed as Critical impact." [1]
but such a bug should be weighted discretely.
[1] https://access.redhat.com/security/updates/classification/
-- LF