On Wed, January 28, 2015 5:09 pm, David C. Miller wrote:
----- Original Message -----
From: "Simon Banton" centos@web.org.uk To: "CentOS mailing list" centos@centos.org Sent: Wednesday, January 28, 2015 6:10:34 AM Subject: Re: [CentOS] CVE-2015-0235 - glibc gethostbyname
Hi,
For reasons which are too tiresome to bore you all with, I have an obligation to look after a suite of legacy CentOS 4.x systems which cannot be migrated upwards.
I note on https://access.redhat.com/articles/1332213 the following comment from a RHN person:
We are currently working on and testing errata for RHEL 4, we will post an update for it as soon as it's ready. Thank you for your patience!
Is there *any* prospect of updated glibc packages for CentOS 4.x being made available?
Cheers S.
Although I hate Oracle with a fury, one good thing is that they put all the updates they rebuild for their RHEL clone in a publicly viewable site.
The just follow what is written in GPL license. And so does RedHat (and I respect RedHat for always meticulously obeying the requiremetns of GPL - at least that is my observation for about one a a half decades)
Valeri
I'm guessing they pay Redhat for extended support on end of life RHEL4 to get access to the source rpms. I learned about this from another list member back when the bash shell shock exploit hit.
http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/
David Miller. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++