[CentOS] CVE-2016-5195 ?DirtyCOW?: Critical Linux Kernel Flaw

Leon Fauster leonfauster at googlemail.com
Sun Oct 23 11:37:42 UTC 2016


Am 23.10.2016 um 03:31 schrieb Zube <Zube at stat.colostate.edu>:
> On Sat Oct 22 08:20:24 PM, Valeri Galtsev wrote:
> 
>> I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1384344
> 
> Comment #35 points to a link that doesn't depend on /proc/self/mem and
> claims to work on CentOS 6 and 5.  I'm not quite sure what I should
> be looking for when I run the program, though.


Its explained it the first line.


> I do hope Redhat releases patches soon.


What's quite confusing, is Redhat's security rating: "only important" 
and not critical. I see how security ratings are applied 

  "Flaws that require an authenticated remote user, a local user, or an 
  unlikely configuration are not classed as Critical impact." [1]

but such a bug should be weighted discretely.


[1] https://access.redhat.com/security/updates/classification/

--
LF


 


More information about the CentOS mailing list