[CentOS] Heads up on local root escalation

Thu May 15 09:22:05 UTC 2014
Leon Fauster <leonfauster at googlemail.com>

Am 15.05.2014 um 07:23 schrieb Eero Volotinen <eero.volotinen at iki.fi>:
> 
> 2014-05-12 21:13 GMT+03:00 James Hogarth <james.hogarth at gmail.com>:
> 
>> Remember to be especially aware if you have systems that can potentially
>> have code uploaded and run (ftp to httpd vhost or improper php config and
>> file ownership/permissions).
>> 
>> This does not affect el5 ... an el6 update is pending.
>> 
>> https://access.redhat.com/security/cve/CVE-2014-0196
> 

> "This issue does not affect the versions of Linux kernel packages as
> shipped with Red Hat Enterprise Linux 6.4 EUS and Red Hat Enterprise Linux
> 6, because they include backport of upstream commit c56a00a165 that
> mitigates this issue."



cite: "This issue does affect the versions of the Linux kernel packages as shipped
with Red Hat Enterprise Linux 6.2 AUS, Red Hat Enterprise Linux 6.3 EUS and Red Rat 
Enterprise MRG 2, and we are currently working on corrected kernel packages that 
address this issue."

--
LF