Valent Turkovic wrote:
Where is it pointing for updates?
#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
g
On Fri, Feb 15, 2008 at 7:48 PM, Michael A. Peters <[EMAIL PROTECTED]> wrote:
> Valent Turkovic wrote:
> > On Mon, Feb 11, 2008 at 11:58 AM, kfx <[EMAIL PROTECTED]> wrote:
> >> Valent Turkovic wrote:
> >> > I saw that there is a local root exploit in the wild.
> >> > http://blog.kagesenshi.or
Valent Turkovic wrote:
On Mon, Feb 11, 2008 at 11:58 AM, kfx <[EMAIL PROTECTED]> wrote:
Valent Turkovic wrote:
> I saw that there is a local root exploit in the wild.
> http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
>
> And I see my centos box still has: 2.6.18-53.1.4.el
On Mon, Feb 11, 2008 at 11:58 AM, kfx <[EMAIL PROTECTED]> wrote:
>
> Valent Turkovic wrote:
> > I saw that there is a local root exploit in the wild.
> > http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
> >
> > And I see my centos box still has: 2.6.18-53.1.4.el5
> >
> > yu
Akemi Yagi wrote:
On Feb 11, 2008 10:52 AM, Scott McClanahan
<[EMAIL PROTECTED]> wrote:
On Mon, 2008-02-11 at 10:45 -0800, Akemi Yagi wrote:
We have to wait and see, but my impression is that the nfs fix would
not be in the updated kernel (I hope I am wrong). They are talking
about getting
On Feb 11, 2008 10:52 AM, Scott McClanahan
<[EMAIL PROTECTED]> wrote:
>
>
> On Mon, 2008-02-11 at 10:45 -0800, Akemi Yagi wrote:
> > We have to wait and see, but my impression is that the nfs fix would
> > not be in the updated kernel (I hope I am wrong). They are talking
> > about getting it int
On Mon, Feb 11, 2008 at 10:56:28PM -0500, Ross S. W. Walker wrote:
> > > Yes, but conceivable an application can make use of such a system
> > > call since it is exploitable from user land and hence the concern.
> > Well, the point is there's nothing wrong with the system call
> > *inherently*. The
jarmo wrote:
Ofcource there's a way, get vanilla kernel 2.6.24.2 and use old config
compile it and run. I've done it.
I am running a 2.6.24.x kernel built like that on CentOS 5.1 x86_64, but
be careful, some manual tweaking with "make menuconfig" is required,
since there are too many differe
Akemi Yagi wrote:
On Feb 12, 2008 8:40 AM, kfx <[EMAIL PROTECTED]> wrote:
I did, for the record: http://people.redhat.com/dzickus/el5/
BEWARE that it will remove ALL the older kernels.
No, that is simply not true. I have tested a couple of kernels from
http://people.redhat.com/dzicku
On Feb 12, 2008 11:40 AM, kfx <[EMAIL PROTECTED]> wrote:
> I did, for the record: http://people.redhat.com/dzickus/el5/
> BEWARE that it will remove ALL the older kernels.
It will do this if you install via rpm -Uvh, as the the upgrade
implies the removal of older versions. -ivh will install it n
On Feb 12, 2008 8:40 AM, kfx <[EMAIL PROTECTED]> wrote:
> > However, we are not going to rush a non tested patch out the door.
> > There are patches listed on the upstream bug, if you (figurative ...
> > meaning anyone who wants to not wait) really want to integrate that
> > into your own kernels
Johnny Hughes wrote:
kfx wrote:
R P Herrold wrote:
On Mon, 11 Feb 2008, kfx wrote:
The official patch for debian is out since a couple of hours...
Why does it take so long for RHEL ? Just a question, not a troll or
something.
1. ask them
it was a question, not a troll (bis).
However, yo
kfx wrote:
R P Herrold wrote:
On Mon, 11 Feb 2008, kfx wrote:
The official patch for debian is out since a couple of hours...
Why does it take so long for RHEL ? Just a question, not a troll or
something.
1. ask them
it was a question, not a troll (bis).
However, you are asking the wrong
Matthew Miller wrote:
>
> On Mon, Feb 11, 2008 at 06:00:14PM -0500, Ross S. W. Walker wrote:
> > > > I wonder if any existing user-land utilities have hooks into
> > > > vmsplice that may be able to be accessed via PHP, Perl, or CGI?
> > > It's a system call.
> > Yes, but conceivable an applicatio
Dag Wieers kirjoitti viestissään (lähetysaika maanantai, 11. helmikuuta 2008):
> And *poof* you lost all support or reproducability that people crave when
> using CentOS or RHEL.
>
> So yes, it is a possibility, but probably unlikely when people have chosen
> CentOS or RHEL. And especially for tho
On Mon, Feb 11, 2008 at 06:00:14PM -0500, Ross S. W. Walker wrote:
> > > I wonder if any existing user-land utilities have hooks into
> > > vmsplice that may be able to be accessed via PHP, Perl, or CGI?
> > It's a system call.
> Yes, but conceivable an application can make use of such a system
> c
Matthew Miller wrote:
>
> On Mon, Feb 11, 2008 at 04:26:57PM -0500, Ross S. W. Walker wrote:
> > Problem with Debian patch is it may conflict with some of the RH
> > backports, but if it works why not submit it to CentOS team for
> > testing as I hear the RH current workaround has issues with GPFs
On Mon, Feb 11, 2008 at 04:26:57PM -0500, Ross S. W. Walker wrote:
> Problem with Debian patch is it may conflict with some of the RH
> backports, but if it works why not submit it to CentOS team for
> testing as I hear the RH current workaround has issues with GPFs.
I think that's with the powert
Dag Wieers wrote:
>
> On Mon, 11 Feb 2008, Ross S. W. Walker wrote:
>
> > Dag Wieers wrote:
> > > On Mon, 11 Feb 2008, jarmo wrote:
> > >
> > > > Ofcource there's a way, get vanilla kernel 2.6.24.2 and use
> > > old config
> > > > compile it and run. I've done it.
> > >
> > > And *poof* you lost
On Mon, 11 Feb 2008, Ross S. W. Walker wrote:
> Dag Wieers wrote:
> > On Mon, 11 Feb 2008, jarmo wrote:
> >
> > > Ofcource there's a way, get vanilla kernel 2.6.24.2 and use
> > old config
> > > compile it and run. I've done it.
> >
> > And *poof* you lost all support or reproducability that
> > p
Dag Wieers wrote:
>
> On Mon, 11 Feb 2008, jarmo wrote:
>
> > Scott McClanahan kirjoitti viestissään (lähetysaika
> maanantai, 11. helmikuuta
> > 2008):
> > > On Mon, 2008-02-11 at 10:45 -0800, Akemi Yagi wrote:
> > > > On Feb 11, 2008 8:19 AM, Scott McClanahan
> <[EMAIL PROTECTED]>
> > wrote:
On Mon, 11 Feb 2008, jarmo wrote:
> Scott McClanahan kirjoitti viestissään (lähetysaika maanantai, 11. helmikuuta
> 2008):
> > On Mon, 2008-02-11 at 10:45 -0800, Akemi Yagi wrote:
> > > On Feb 11, 2008 8:19 AM, Scott McClanahan <[EMAIL PROTECTED]>
> wrote:
> > > > On Mon, 2008-02-11 at 04:52 -0800
Scott McClanahan kirjoitti viestissään (lähetysaika maanantai, 11. helmikuuta
2008):
> On Mon, 2008-02-11 at 10:45 -0800, Akemi Yagi wrote:
> > On Feb 11, 2008 8:19 AM, Scott McClanahan <[EMAIL PROTECTED]>
wrote:
> > > On Mon, 2008-02-11 at 04:52 -0800, Michael A. Peters wrote:
> > > > Valent Tur
On Mon, 2008-02-11 at 10:45 -0800, Akemi Yagi wrote:
> On Feb 11, 2008 8:19 AM, Scott McClanahan <[EMAIL PROTECTED]> wrote:
> >
> > On Mon, 2008-02-11 at 04:52 -0800, Michael A. Peters wrote:
> > > Valent Turkovic wrote:
> > > > I saw that there is a local root exploit in the wild.
> > > > http://
On Feb 11, 2008 8:19 AM, Scott McClanahan <[EMAIL PROTECTED]> wrote:
>
> On Mon, 2008-02-11 at 04:52 -0800, Michael A. Peters wrote:
> > Valent Turkovic wrote:
> > > I saw that there is a local root exploit in the wild.
> > > http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
> > >
On Mon, 2008-02-11 at 04:52 -0800, Michael A. Peters wrote:
> Valent Turkovic wrote:
> > I saw that there is a local root exploit in the wild.
> > http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
> >
> > And I see my centos box still has: 2.6.18-53.1.4.el5
> >
> > yum says the
>> 2. there have been reports of stability problems with the patch
> you mean that adding a validation of users input in a code lead to
> stability problem ?
To avoid continuing speculation, you should really just go ask RH
directly. Ask in the bz thread if you like.
Ray
___
R P Herrold wrote:
On Mon, 11 Feb 2008, kfx wrote:
The official patch for debian is out since a couple of hours...
Why does it take so long for RHEL ? Just a question, not a troll or
something.
1. ask them
it was a question, not a troll (bis).
2. there have been reports of stability probl
On Mon, 11 Feb 2008, kfx wrote:
The official patch for debian is out since a couple of hours...
Why does it take so long for RHEL ? Just a question, not a troll or
something.
1. ask them
2. there have been reports of stability problems with the
patch -- it does little good to rush out a fix
The official patch for debian is out since a couple of hours...
Why does it take so long for RHEL ? Just a question, not a troll or
something.
kfx
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Valent Turkovic wrote:
I saw that there is a local root exploit in the wild.
http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
And I see my centos box still has: 2.6.18-53.1.4.el5
yum says there are no updates... am I safe?
Valent.
Valent Turkovic wrote:
I saw that there is a local root exploit in the wild.
http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
And I see my centos box still has: 2.6.18-53.1.4.el5
yum says there are no updates... am I safe?
Valent.
Define safe :)
The RHEL-5 (and therefore
Valent Turkovic wrote:
> I saw that there is a local root exploit in the wild.
> http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
>
> And I see my centos box still has: 2.6.18-53.1.4.el5
>
> yum says there are no updates... am I safe?
No, you are not safe - and you should have r
Valent Turkovic wrote:
I saw that there is a local root exploit in the wild.
http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
And I see my centos box still has: 2.6.18-53.1.4.el5
yum says there are no updates... am I safe?
Valent.
No you're not... and we are a lot in this v
I saw that there is a local root exploit in the wild.
http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html
And I see my centos box still has: 2.6.18-53.1.4.el5
yum says there are no updates... am I safe?
Valent.
___
CentOS mailing list
35 matches
Mail list logo
