[CentOS] Heads up on local root escalation
Leon Fauster
leonfauster at googlemail.com
Mon May 19 12:51:28 UTC 2014
Am 15.05.2014 um 11:22 schrieb Leon Fauster <leonfauster at googlemail.com>:
> Am 15.05.2014 um 07:23 schrieb Eero Volotinen <eero.volotinen at iki.fi>:
>>
>> 2014-05-12 21:13 GMT+03:00 James Hogarth <james.hogarth at gmail.com>:
>>
>>> Remember to be especially aware if you have systems that can potentially
>>> have code uploaded and run (ftp to httpd vhost or improper php config and
>>> file ownership/permissions).
>>>
>>> This does not affect el5 ... an el6 update is pending.
>>>
>>> https://access.redhat.com/security/cve/CVE-2014-0196
>>
>> "This issue does not affect the versions of Linux kernel packages as
>> shipped with Red Hat Enterprise Linux 6.4 EUS and Red Hat Enterprise Linux
>> 6, because they include backport of upstream commit c56a00a165 that
>> mitigates this issue."
>
> cite: "This issue does affect the versions of the Linux kernel packages as shipped
> with Red Hat Enterprise Linux 6.2 AUS, Red Hat Enterprise Linux 6.3 EUS and Red Rat
> Enterprise MRG 2, and we are currently working on corrected kernel packages that
> address this issue."
https://rhn.redhat.com/errata/RHSA-2014-0512.html
--
LF
More information about the CentOS
mailing list