Hi, Is there an ETA on when CVE-2014-4043 for glibc will be fixed in centos. I see the upstream vendor version glibc-2.20 has this fix supposedly, but I don't see this specific fix in the centos glibc changelogs. I've compiled the test code for this bug and as of glibc-2.17.77 the test reports the bug is present. Preferably we'd like this fix on centos6.6 as we can't move to 7.0 yet.
Thanks, -->Pat
On 05/26/2015 10:59 AM, Patrick Rael wrote:
Hi, Is there an ETA on when CVE-2014-4043 for glibc will be fixed in centos. I see the upstream vendor version glibc-2.20 has this fix supposedly, but I don't see this specific fix in the centos glibc changelogs. I've compiled the test code for this bug and as of glibc-2.17.77 the test reports the bug is present. Preferably we'd like this fix on centos6.6 as we can't move to 7.0 yet.
Thanks, -->Pat
This issue is not being addressed by Red Hat in their source code .. it will therefore not be addressed in CentOS either, unless Red Hat changes their mind. We just rebuild Red Hat released source code for RHEL, we do not add security or technical things to that source code.
https://access.redhat.com/security/cve/CVE-2014-4043
and
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4043
Thanks, Johnny Hughes
-
Johnny Hughes -
Patrick Rael