The only good news
|
| Author | Content |
|---|---|
| penguinist Jan 19, 2016 11:13 AM EDT |
The only good news is that CentOS/RHEL 6 is using a kernel version which is not vulnerable. https://bugzilla.redhat.com/show_bug.cgi?id=1297475 Now I'm so happy that I decided to keep all my servers on "6". The other piece of good news is that this exploit requires local access, and 99.9% of the world's Linux servers are physically secure and are therefore not vulnerable. The issue will be on systems that support unprivileged users accounts or have installations of non-repo closed software. |
| JaseP Jan 19, 2016 4:27 PM EDT |
The patch is expected today... And,... Once again this is an overblown security risk because it is only exploitable as a local user (a privilege escalation),... which means you already have to be logged on to the server or machine. So, unless you are willy-nilly granting accounts to your servers, or have poor security to login already, you have plenty of time to patch. |
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!