Heads up CentOS (and RHEL) users

For discussions about security.
Post Reply
Message
Author
belham2
Posts: 1715
Joined: Mon 15 Aug 2016, 22:47

Heads up CentOS (and RHEL) users

#1 Post by belham2 »

http://www.securityweek.com/two-year-ol ... nux-kernel


".........Because of that, “all versions of CentOS 7 before 1708 (released on September 13, 2017), all versions of Red Hat Enterprise Linux 7 before 7.4 (released on August 1, 2017), and all versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable,

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#2 Post by disciple »

Perhaps I misread something, but why just users of those distros?
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#3 Post by 8Geee »

I think the warning is also about k3.10.x which IIRC exists in some pups in the kennel. It does look aimed at RHEL by the tone of the article because the flaw was not considered serious at the time (2015).

Maybe a checkup is worth it.
Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
6502coder
Posts: 677
Joined: Mon 23 Mar 2009, 18:07
Location: Western United States

#4 Post by 6502coder »

@disciple

You're perhaps reading too much into what's NOT said.

While the article mentions certain versions of CentOS and RHE as being affected, it nowhere says "just" those two OSs are affected. The logical inference is that there may be other OSs affected, but either not yet known to be affected, or known to be affected but not prominent enough (i.e. well-known and widely used) to be worth mentioning.

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#5 Post by disciple »

6502coder wrote:@disciple

You're perhaps reading too much into what's NOT said.
Sorry, I wasn't clear enough. The advice seems to come from someone who is only interested in those distros, and I was trying to get at the same thing you're saying - i.e. since it is supposed to be a problem with all kernels prior to Linux 3.10.77, what on earth is the idea of posting about it on the Puppy forum in a way that implies that the issue is with those other distros!

No offence intended to the original poster (I don't remember seeing posts like this from them before), but there are a number of people here who constantly post things like this which might be quite helpful if they thought a bit harder about the message they're trying to get across, but as it is it comes across more like they are spamming us with "fake news".
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

User avatar
6502coder
Posts: 677
Joined: Mon 23 Mar 2009, 18:07
Location: Western United States

#6 Post by 6502coder »

The title of the thread is arguably too restrictive, in that someone who doesn't use CentOS or RHE probably wouldn't bother to read it at all, even though he/she might be a user of an affected Puppy or other OS. If that's your point, then I agree.

On the other hand, I myself have made several posts like the OP's. Since I rarely have the technical chops to assess the relevance of the news, I usually just post the news without comment. I don't have a "message I'm trying to get across," I simply report security news items I think might well be of interest to members of this forum. I hope that on balance, this is more useful than annoying.

Post Reply