Comment 38 for bug 413656

Revision history for this message
In , Eugene (eugene-redhat-bugs) wrote :

Hi Andrew,

(In reply to comment #44)
> I trust that there would have been a different QA process had it been a
> critical, remotely exploitable, bug ? Over a week from a published exploit
> *and* an upstream fix to release a kernel is not good.

If this is a critical remote exploitable vulnerability, we will give it the highest priority to release a kernel update that addresses the issue.

For this issue, it is a local privilege escalation vulnerability that can be mitigated. For customers who are unable to perform the mitigation steps, they can request for a hotfix (unofficial but supported kernel that has this fix until we are ready to release one) from Red Hat Support.

If you have any questions, feel free to email us directly at <email address hidden>. We respond very quickly ;)

> I don't have access to the tracking bugs, so there may be a good reason,

Please see https://bugzilla.redhat.com/show_bug.cgi?id=516949#c34

Thanks, Eugene