On Mon, 2008-02-11 at 10:45 -0800, Akemi Yagi wrote: > On Feb 11, 2008 8:19 AM, Scott McClanahan <[EMAIL PROTECTED]> wrote: > > > > On Mon, 2008-02-11 at 04:52 -0800, Michael A. Peters wrote: > > > Valent Turkovic wrote: > > > > I saw that there is a local root exploit in the wild. > > > > http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html > > > > > > > > And I see my centos box still has: 2.6.18-53.1.4.el5 > > > > > > > > yum says there are no updates... am I safe? > > > > > > > > Valent. > > > > The current kernel is 53.1.6.el5 > > > > > > If yum isn't seeing it - it probably needs to clean its cached headers. > > > > > > try: > > > > > > yum clean headers > > > yum update kernel > > > > > > However - the 53.1.6.el5 release also is vulnerable, so you may as well > > > wait for the exploit to be fixed before updating. I'm guessing CentOS > > > will do it fairly quickly after rhel does. > > > > > > > I understand that a known root exploit must be patched but I'm curious > > to know if we upgrade to the fixed kernel once released will it also > > include the degraded nfs performance discussed here: > > > > https://bugzilla.redhat.com/show_bug.cgi?id=431092 > > We have to wait and see, but my impression is that the nfs fix would > not be in the updated kernel (I hope I am wrong). They are talking > about getting it into 5.2 (even possibly into 5.3). I can see that > this is a problem. Now, we can not "stay with 53.1.4" on the systems > where the local root exploit is a serious problem. > > Akemi > > Akemi
Yes, until now we had no problem stalling on 53.1.4. I guess we'll have to test how badly the nfs performance degradation actually is under a heavy load in our environment. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
