On Mon, 27 Jul 2015 04:03:14 -0500 Johnny Hughes <johnny at centos.org> wrote: > The packages that will become CentOS-6.7, as well as updates completed > for CentOS-6.7 to date are now released into the CentOS-6.6 Continuous > Release (CR) repository. ... > 3. The package set includes 243 Source RPMs updated and are broken > down as: > > 21 Security Updates: > 0 Critical Security > 1 Important Security > 16 Moderate Security > 4 Low Security And that "1" important above is quite important. See RHSA-2015-1482 (CVE-2015-3245, CVE-2015-3246) pkg libuser: local root with exploit in the wild. Maybe it's even worth cherry picking that package over to 6-updates asap? (as a side note c5 is also affected but no update exists or is planned afaict). /Peter -- Sent from my Android device with K-9 Mail. Please excuse my brevity.