On 08/13/2015 12:48 PM, Johnny Hughes wrote: > On 08/13/2015 12:41 PM, Eero Volotinen wrote: >> well, very sad to hear as I use commercial rhel 5 and paying for it.. >> > > Well, in that case, I would recommend RHEL-6 or RHEL-7 for your RHEL-5 > workloads :) AND, I would open a support ticket saying you are concerned with your RHEL-5 security if you are using libuser on a RHEL-5 supported machine. > >> >> 2015-08-13 19:57 GMT+03:00 Johnny Hughes <johnny at centos.org>: >> >>> On 08/12/2015 10:43 PM, Eero Volotinen wrote: >>>> Hi List, >>>> >>>> Looks like this affects on centos 5 and is unpatched like on rhel 5? >>>> >>>> https://access.redhat.com/articles/1537873 >>>> >>>> Trying to test if this affects on centos 5. can someone compile this >>>> exploit on centos 5? >>>> https://www.qualys.com/research/security-advisories/roothelper.c >>>> >>>> any ideas how to compile it on centos 5? >>> >>> Red Hat says 2 things in that article: >>> >>> 1. It impacts RHEL5 (so also CentOS5) >>> >>> 2. They are NOT fixing it, at least not now. >>> >>> This is NOT the FIRST security update where this has happened. >>> >>> I would recommend you upgrade to CentOS-6 or CentOS-7 for all workloads >>> that you can. >>> >>> Thanks, >>> Johnny Hughes >>> >>> >>> _______________________________________________ >>> CentOS mailing list >>> CentOS at centos.org >>> http://lists.centos.org/mailman/listinfo/centos >>> >>> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > > > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20150813/943e1222/attachment-0005.sig>