Hi All,
I am using CentOS 5.5 with gcc version 2.5.123.el5.
I just wanted to check whether the CVE-2015-1781 is fixed in the current version?
How can I do that?
Right now I dont have access to that machine, so I wanted to check whether its fixed online ( not via shell)?
Thanks for the help.
On Fri, Jun 5, 2015 at 10:26 AM, Venkateswara Rao Dokku dvrao.584@gmail.com wrote:
Hi All,
I am using CentOS 5.5 with gcc version 2.5.123.el5.
Are you really on 5.5? You should consider updating to 5.11.
I just wanted to check whether the CVE-2015-1781 is fixed in the current version?
How can I do that?
Right now I dont have access to that machine, so I wanted to check whether its fixed online ( not via shell)?
https://access.redhat.com/security/cve/CVE-2015-1781
I don't know if CentOS has CVE information online. It's fixed in RHEL 6 so CentOS 6 should have it too. No word on whether RHEL 5/CentOS 5 is affected or not.
John
Thanks for the reply.
Where can we get the info regarding whether its fixed in CentOS 5 or not?
I did rpm -q --changelog <glibc> | grep <CVE>
but I dont find any info on this.
This might means 3 things. 1. The version is not affected so no fix 2. The version is affected, still no fix 3. Fix applied, but not shown in o/p
Thanks
On Fri, Jun 5, 2015 at 2:06 PM, John Tall mjtallx@gmail.com wrote:
On Fri, Jun 5, 2015 at 10:26 AM, Venkateswara Rao Dokku dvrao.584@gmail.com wrote:
Hi All,
I am using CentOS 5.5 with gcc version 2.5.123.el5.
Are you really on 5.5? You should consider updating to 5.11.
I just wanted to check whether the CVE-2015-1781 is fixed in the current version?
How can I do that?
Right now I dont have access to that machine, so I wanted to check
whether
its fixed online ( not via shell)?
https://access.redhat.com/security/cve/CVE-2015-1781
I don't know if CentOS has CVE information online. It's fixed in RHEL 6 so CentOS 6 should have it too. No word on whether RHEL 5/CentOS 5 is affected or not.
John
Latest version of Centos is 5.11, so you needs to update latest minor version to get patches ..
-- Eero
2015-06-05 11:48 GMT+03:00 Venkateswara Rao Dokku dvrao.584@gmail.com:
Thanks for the reply.
Where can we get the info regarding whether its fixed in CentOS 5 or not?
I did rpm -q --changelog <glibc> | grep <CVE>
but I dont find any info on this.
This might means 3 things.
- The version is not affected so no fix
- The version is affected, still no fix
- Fix applied, but not shown in o/p
Thanks
On Fri, Jun 5, 2015 at 2:06 PM, John Tall mjtallx@gmail.com wrote:
On Fri, Jun 5, 2015 at 10:26 AM, Venkateswara Rao Dokku dvrao.584@gmail.com wrote:
Hi All,
I am using CentOS 5.5 with gcc version 2.5.123.el5.
Are you really on 5.5? You should consider updating to 5.11.
I just wanted to check whether the CVE-2015-1781 is fixed in the
current
version?
How can I do that?
Right now I dont have access to that machine, so I wanted to check
whether
its fixed online ( not via shell)?
https://access.redhat.com/security/cve/CVE-2015-1781
I don't know if CentOS has CVE information online. It's fixed in RHEL 6 so CentOS 6 should have it too. No word on whether RHEL 5/CentOS 5 is affected or not.
John
-- Thanks & Regards, Venkateswara Rao Dokku. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Fri, Jun 5, 2015 at 10:48 AM, Venkateswara Rao Dokku dvrao.584@gmail.com wrote:
Thanks for the reply.
Where can we get the info regarding whether its fixed in CentOS 5 or not?
I did rpm -q --changelog <glibc> | grep <CVE>
but I dont find any info on this.
This might means 3 things.
- The version is not affected so no fix
- The version is affected, still no fix
- Fix applied, but not shown in o/p
Thanks
We don't know. Red Hat has only mentioned RHEL 6. When vulnerabilities are found in CentOS 5 which they consider not be important enough to fix they usually mention that in the errata.
According to upstream the bug was introduced in glibc 2.6 so if CentOS 5 has 2.5 then it might be just enough too old. https://sourceware.org/bugzilla/show_bug.cgi?id=18287
Not affected so no fix sounds most plausible.
John
Unless there's more information the best way to find out would be to download the SRPM and check the source code.
Many other security issues affect *unpatched* Centos 5.5 version. Some of very critical too ..
-- Eero
2015-06-05 11:58 GMT+03:00 John Tall mjtallx@gmail.com:
On Fri, Jun 5, 2015 at 10:48 AM, Venkateswara Rao Dokku dvrao.584@gmail.com wrote:
Thanks for the reply.
Where can we get the info regarding whether its fixed in CentOS 5 or not?
I did rpm -q --changelog <glibc> | grep <CVE>
but I dont find any info on this.
This might means 3 things.
- The version is not affected so no fix
- The version is affected, still no fix
- Fix applied, but not shown in o/p
Thanks
We don't know. Red Hat has only mentioned RHEL 6. When vulnerabilities are found in CentOS 5 which they consider not be important enough to fix they usually mention that in the errata.
According to upstream the bug was introduced in glibc 2.6 so if CentOS 5 has 2.5 then it might be just enough too old. https://sourceware.org/bugzilla/show_bug.cgi?id=18287
Not affected so no fix sounds most plausible.
John _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 06/05/2015 04:16 AM, Eero Volotinen wrote:
Many other security issues affect *unpatched* Centos 5.5 version. Some of very critical too ..
-- Eero
This is VERY true !
2015-06-05 11:58 GMT+03:00 John Tall mjtallx@gmail.com:
On Fri, Jun 5, 2015 at 10:48 AM, Venkateswara Rao Dokku dvrao.584@gmail.com wrote:
Thanks for the reply.
Where can we get the info regarding whether its fixed in CentOS 5 or not?
I did rpm -q --changelog <glibc> | grep <CVE>
but I dont find any info on this.
This might means 3 things.
- The version is not affected so no fix
- The version is affected, still no fix
- Fix applied, but not shown in o/p
Thanks
We don't know. Red Hat has only mentioned RHEL 6. When vulnerabilities are found in CentOS 5 which they consider not be important enough to fix they usually mention that in the errata.
According to upstream the bug was introduced in glibc 2.6 so if CentOS 5 has 2.5 then it might be just enough too old. https://sourceware.org/bugzilla/show_bug.cgi?id=18287
Not affected so no fix sounds most plausible.
John
-
Eero Volotinen -
John Tall -
Johnny Hughes -
Venkateswara Rao Dokku