On 20 September 2010 18:20, Chris Adams <cmad...@hiwaay.net> wrote: > Once upon a time, John Haxby <j...@thehaxbys.co.uk> said: > > For what it's worth, any CVE id is a suitable bug alias for Red Hat's > > bugzilla, > > eg https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3081 > > Does anybody know what the holdup is with releasing a fixed kernel? Per > the BZ, Red Hat has known about this for four and a half days now, with > no fix in sight (other than to turn multi-user servers off). >
I don't know, but I would guess QA. It's a local exploit so it's not as serious as some so a modicum of testing wouldn't go amiss. The nature of this problem gives it scope for doing a fair amount of damage if it's fixed wrongly. The bug report hints as much. jch
_______________________________________________ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list