[CentOS] CVE-2016-5195 ?DirtyCOW?: Critical Linux Kernel Flaw
Leon Fauster
leonfauster at googlemail.com
Sun Oct 23 11:37:42 UTC 2016
Am 23.10.2016 um 03:31 schrieb Zube <Zube at stat.colostate.edu>:
> On Sat Oct 22 08:20:24 PM, Valeri Galtsev wrote:
>
>> I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1384344
>
> Comment #35 points to a link that doesn't depend on /proc/self/mem and
> claims to work on CentOS 6 and 5. I'm not quite sure what I should
> be looking for when I run the program, though.
Its explained it the first line.
> I do hope Redhat releases patches soon.
What's quite confusing, is Redhat's security rating: "only important"
and not critical. I see how security ratings are applied
"Flaws that require an authenticated remote user, a local user, or an
unlikely configuration are not classed as Critical impact." [1]
but such a bug should be weighted discretely.
[1] https://access.redhat.com/security/updates/classification/
--
LF
More information about the CentOS
mailing list