Valent Turkovic wrote: > I saw that there is a local root exploit in the wild. > http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html > > And I see my centos box still has: 2.6.18-53.1.4.el5 > > yum says there are no updates... am I safe? > > Valent. Define safe :) The RHEL-5 (and therefore the centos-5) kernels ARE susceptible to this issue, so no you are NOT safe. Here is the upstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=432251 However, this issue is actively being worked by the upstream provider and a fix will be released VERY soon. This issue is not remotely exploitable and initially requires local user access to gain root. Here is more info on this issue as well: https://www.redhat.com/archives/fedora-list/2008-February/msg01215.html Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20080211/843f3a41/attachment-0005.sig>