----- Original Message -----
From: "Simon Banton" centos@web.org.uk To: "CentOS mailing list" centos@centos.org Sent: Wednesday, January 28, 2015 6:10:34 AM Subject: Re: [CentOS] CVE-2015-0235 - glibc gethostbyname
Hi,
For reasons which are too tiresome to bore you all with, I have an obligation to look after a suite of legacy CentOS 4.x systems which cannot be migrated upwards.
I note on https://access.redhat.com/articles/1332213 the following comment from a RHN person:
We are currently working on and testing errata for RHEL 4, we will post an update for it as soon as it's ready. Thank you for your patience!
Is there *any* prospect of updated glibc packages for CentOS 4.x being made available?
Cheers S.
Although I hate Oracle with a fury, one good thing is that they put all the updates they rebuild for their RHEL clone in a publicly viewable site. I'm guessing they pay Redhat for extended support on end of life RHEL4 to get access to the source rpms. I learned about this from another list member back when the bash shell shock exploit hit.
http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/
David Miller.