I noticed this as well but did some homework ;-) https://bugzilla.redhat.com/show_bug.cgi?id=1147189 https://access.redhat.com/security/cve/CVE-2014-6277 If I understand it correctly they think it's not exploitable anymore. Still think it should get patched immediately as there is an upstream patch available and it avoids any more questions and confusion about this problem. Kai