On 20 September 2010 18:20, Chris Adams <[email protected]> wrote: > Once upon a time, John Haxby <[email protected]> said: > > For what it's worth, any CVE id is a suitable bug alias for Red Hat's > > bugzilla, > > eg https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3081 > > Does anybody know what the holdup is with releasing a fixed kernel? Per > the BZ, Red Hat has known about this for four and a half days now, with > no fix in sight (other than to turn multi-user servers off). >
I don't know, but I would guess QA. It's a local exploit so it's not as serious as some so a modicum of testing wouldn't go amiss. The nature of this problem gives it scope for doing a fair amount of damage if it's fixed wrongly. The bug report hints as much. jch
_______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
