On Mon, Apr 27, 2015 at 02:39:30PM +0530, Venkateswara Rao Dokku wrote:
Thanks for the replies. The tool that we used for testing the security vulnerability is "Nessus".
I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is fixed in this version and I want to apply patch for the vulnerbailities CVE-2015-1472 & CVE-2015-1473. Can you please help me in finding the right version that has fixes for these?
You have the latest glibc package available.
Checking upstream, Red Hat has their CVE information here:
https://access.redhat.com/security/cve/CVE-2015-1472 https://access.redhat.com/security/cve/CVE-2015-1473
If you look at the CVE page for the Ghost vulnerability (https://access.redhat.com/security/cve/CVE-2015-0235) it links to any security advisories which would include an update. Both 1472 and 1473 are marked as 'Low' impact so I suspect there won't be any updated package to address it until later.
I would STRONGLY suggest against attempting to build your own glibc.