Remember to be especially aware if you have systems that can potentially have code uploaded and run (ftp to httpd vhost or improper php config and file ownership/permissions).

This does not affect el5 ... an el6 update is pending.

https://access.redhat.com/security/cve/CVE-2014-0196

On 2014-05-12, James Hogarth <james.hogarth at gmail.com> wrote:
>
> This does not affect el5 ... an el6 update is pending.
>
> https://access.redhat.com/security/cve/CVE-2014-0196

Are there any mitigation steps we can take? I've chased down some of the links looking for any, but haven't had success yet.

--keith

--
kkeller at wombat.san-francisco.ca.us

"This issue does not affect the versions of Linux kernel packages as shipped with Red Hat Enterprise Linux 6.4 EUS and Red Hat Enterprise Linux 6, because they include backport of upstream commit c56a00a165 that mitigates this issue."

2014-05-12 21:13 GMT+03:00 James Hogarth <james.hogarth at gmail.com>:
> Remember to be especially aware if you have systems that can potentially
> have code uploaded and run (ftp to httpd vhost or improper php config and
> file ownership/permissions).
>
> This does not affect el5 ... an el6 update is pending.
>
> https://access.redhat.com/security/cve/CVE-2014-0196