On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote:
On 28/01/15 04:47, Always Learning wrote:
Saw this on the Exim List:-
<SNIP> > > I use Exim on C5 and C6 - should I be worried about Exim on C6 ? >
upstream references: https://rhn.redhat.com/errata/RHSA-2015-0092.html
When I read this I read that it is fixed in glibc-2.12-1.149.el6_6.5.src.rpm (RHEL 6), on my CentOS 6 I have according to " rpm -qi glibc": glibc-2.12-1.149.el6_6.4.src.rpm (which resembles what is latest on public mirror I maintain, and I checked randomly a couple of other mirrors - the same). If I read numbers correctly, we all are one minor (very minor ;-) number behind RHEL.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
Note that in the openwall.com URL you provided (http://www.openwall.com/lists/oss-security/2015/01/27/9 ) there is a simple program (in section 4 - Case Studies) to test whether a given machine's vulnerable.
And when I check the machine with glibc-2.12-1.149.el6_6.4.x86_64 (fully updated CentOS 6) indeed the program from section 4 of openwall page above says "vulnerable".
Am I the only one (read: an idiot ;-) or others have the same?
Thanks Peter!
Valeri
I dunno what the EOL for C5 patches are, as I don't run it. But reading http://wiki.centos.org/HowTos/EOL it'd seem that there may be a patch for it at some stage, despite upstream not referencing their 5th edition in their notes.
Cheers,
Pete.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++