[CentOS] unpatched local root on centos 5?

Thu Aug 13 17:50:01 UTC 2015
Johnny Hughes <johnny at centos.org>

On 08/13/2015 12:48 PM, Johnny Hughes wrote:
> On 08/13/2015 12:41 PM, Eero Volotinen wrote:
>> well, very sad to hear as I use commercial rhel 5 and paying for it..
>>
> 
> Well, in that case, I would recommend RHEL-6 or RHEL-7 for your RHEL-5
> workloads :)

AND, I would open a support ticket saying you are concerned with your
RHEL-5 security if you are using libuser on a RHEL-5 supported machine.


> 
>>
>> 2015-08-13 19:57 GMT+03:00 Johnny Hughes <johnny at centos.org>:
>>
>>> On 08/12/2015 10:43 PM, Eero Volotinen wrote:
>>>> Hi List,
>>>>
>>>> Looks like this affects on centos 5 and is unpatched like on rhel 5?
>>>>
>>>> https://access.redhat.com/articles/1537873
>>>>
>>>> Trying to test if this affects on centos 5. can someone compile this
>>>> exploit on centos 5?
>>>> https://www.qualys.com/research/security-advisories/roothelper.c
>>>>
>>>> any ideas how to compile it on centos 5?
>>>
>>> Red Hat says 2 things in that article:
>>>
>>> 1.  It impacts RHEL5 (so also CentOS5)
>>>
>>> 2. They are NOT fixing it, at least not now.
>>>
>>> This is NOT the FIRST security update where this has happened.
>>>
>>> I would recommend you upgrade to CentOS-6 or CentOS-7 for all workloads
>>> that you can.
>>>
>>> Thanks,
>>> Johnny Hughes
>>>
>>>
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>>>
>>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
> 
> 
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20150813/943e1222/attachment-0004.sig>