On 06/05/2015 04:16 AM, Eero Volotinen wrote:
Many other security issues affect *unpatched* Centos 5.5 version. Some of very critical too ..
-- Eero
This is VERY true !
2015-06-05 11:58 GMT+03:00 John Tall mjtallx@gmail.com:
On Fri, Jun 5, 2015 at 10:48 AM, Venkateswara Rao Dokku dvrao.584@gmail.com wrote:
Thanks for the reply.
Where can we get the info regarding whether its fixed in CentOS 5 or not?
I did rpm -q --changelog <glibc> | grep <CVE>
but I dont find any info on this.
This might means 3 things.
- The version is not affected so no fix
- The version is affected, still no fix
- Fix applied, but not shown in o/p
Thanks
We don't know. Red Hat has only mentioned RHEL 6. When vulnerabilities are found in CentOS 5 which they consider not be important enough to fix they usually mention that in the errata.
According to upstream the bug was introduced in glibc 2.6 so if CentOS 5 has 2.5 then it might be just enough too old. https://sourceware.org/bugzilla/show_bug.cgi?id=18287
Not affected so no fix sounds most plausible.
John