[CentOS] CVE-2015-0235 - glibc gethostbyname

Tue Jan 27 20:30:06 UTC 2015
Cian Mc Govern <cian at cianmcgovern.com>

Packages are being built for CentOS 5, 6 & 7 at the moment:
https://twitter.com/CentOS/status/560128242682966017 &
https://twitter.com/CentOS/status/560138182441070592

On 27 January 2015 at 20:22, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:

>
> On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote:
> > On 28/01/15 04:47, Always Learning wrote:
> >>
> >> Saw this on the Exim List:-
> >>
> > <SNIP>
> >>
> >> I use Exim on C5 and C6 - should I be worried about Exim on C6 ?
> >>
> >
> > upstream references:
> > https://rhn.redhat.com/errata/RHSA-2015-0092.html
>
> When I read this I read that it is fixed in
> glibc-2.12-1.149.el6_6.5.src.rpm (RHEL 6), on my CentOS 6 I have according
> to "rpm -qi glibc": glibc-2.12-1.149.el6_6.4.src.rpm (which resembles
> what is latest on public mirror I maintain, and I checked randomly a
> couple of other mirrors - the same). If I read numbers correctly, we all
> are one minor (very minor ;-) number behind RHEL.
>
> > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
> >
> > Note that in the openwall.com URL you provided
> > (http://www.openwall.com/lists/oss-security/2015/01/27/9) there is a
> > simple program (in section 4 - Case Studies) to test whether a given
> > machine's vulnerable.
>
> And when I check the machine with
> glibc-2.12-1.149.el6_6.4.x86_64
> (fully updated CentOS 6) indeed the program from section 4 of openwall
> page above says "vulnerable".
>
> Am I the only one (read: an idiot ;-) or do others have the same?
>
> Thanks Peter!
>
> Valeri
>
> >
> > I dunno what the EOL for C5 patches is, as I don't run it. But reading
> > http://wiki.centos.org/HowTos/EOL it'd seem that there may be a patch
> > for it at some stage, despite upstream not referencing their 5th edition
> > in their notes.
> >
> > Cheers,
> >
> > Pete.
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
>
>
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
>
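
The version check discussed in the thread (installed `el6_6.4` against the fixed `el6_6.5`), as an added example that is not part of the original messages: it compares package strings segment by segment in the way rpm orders versions, rather than by eye or by plain string comparison. The function names are hypothetical, the fixed build is the one quoted in the thread and covers CentOS 6 only, and rpm's tilde/caret rules are left out.

```python
import re

# Fixed RHEL 6 build as quoted in the thread (RHSA-2015-0092).
FIXED_EL6 = "2.12-1.149.el6_6.5"

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Order two version (or release) strings as rpm does: split into numeric
    and alphabetic segments, ignore separators, compare pairwise."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric: 80 < 149, unlike strings
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def vr_from_package(s):
    """Extract 'version-release' from the forms seen in the thread, e.g.
    glibc-2.12-1.149.el6_6.4.x86_64 or glibc-2.12-1.149.el6_6.5.src.rpm."""
    s = re.sub(r"\.rpm$", "", s.strip())
    s = re.sub(r"\.(x86_64|i[3-6]86|noarch|src)$", "", s)
    return s[len("glibc-"):] if s.startswith("glibc-") else s

def needs_update(package, fixed_vr=FIXED_EL6):
    """True if the given glibc package string is older than the fixed build."""
    return vr_cmp(vr_from_package(package), fixed_vr) < 0

if __name__ == "__main__":
    # First two strings are from the thread; the last is a constructed sample.
    for pkg in ("glibc-2.12-1.149.el6_6.4.x86_64",
                "glibc-2.12-1.149.el6_6.5.src.rpm",
                "glibc-2.12-1.80.el6.i686"):
        print(pkg, "->", "needs update" if needs_update(pkg) else "at or past fix")
```

On a host, pass it each line printed by `rpm -q glibc`, since more than one glibc package (for example 32-bit and 64-bit) can be installed.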