[CentOS] Heads up on local root escalation

Mon May 19 12:51:28 UTC 2014
Leon Fauster <leonfauster at googlemail.com>

On 15.05.2014 at 11:22, Leon Fauster <leonfauster at googlemail.com> wrote:
> On 15.05.2014 at 07:23, Eero Volotinen <eero.volotinen at iki.fi> wrote:
>> 
>> 2014-05-12 21:13 GMT+03:00 James Hogarth <james.hogarth at gmail.com>:
>> 
>>> Remember to be especially aware if you have systems that can potentially
>>> have code uploaded and run (ftp to httpd vhost or improper php config and
>>> file ownership/permissions).
>>> 
>>> This does not affect el5 ... an el6 update is pending.
>>> 
>>> https://access.redhat.com/security/cve/CVE-2014-0196
>> 
>> "This issue does not affect the versions of Linux kernel packages as
>> shipped with Red Hat Enterprise Linux 6.4 EUS and Red Hat Enterprise Linux
>> 6, because they include backport of upstream commit c56a00a165 that
>> mitigates this issue."
> 
> cite: "This issue does affect the versions of the Linux kernel packages as shipped
> with Red Hat Enterprise Linux 6.2 AUS, Red Hat Enterprise Linux 6.3 EUS and Red Hat
> Enterprise MRG 2, and we are currently working on corrected kernel packages that 
> address this issue."



https://rhn.redhat.com/errata/RHSA-2014-0512.html

--
LF