[CentOS] CVE-2015-0235 - glibc gethostbyname

Tue Jan 27 20:35:05 UTC 2015
Thomas Eriksson <thomas.eriksson at slac.stanford.edu>

On 01/27/2015 12:22 PM, Valeri Galtsev wrote:
> 
> On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote:
>> On 28/01/15 04:47, Always Learning wrote:
>>>
>>> Saw this on the Exim List:-
>>>
>> <SNIP>
>>>
>>> I use Exim on C5 and C6 - should I be worried about Exim on C6 ?
>>>
>>
>> upstream references:
>> https://rhn.redhat.com/errata/RHSA-2015-0092.html
> 
> When I read this I read that it is fixed in
> glibc-2.12-1.149.el6_6.5.src.rpm (RHEL 6), on my CentOS 6 I have according
> to " rpm -qi glibc": glibc-2.12-1.149.el6_6.4.src.rpm (which resembles
> what is latest on public mirror I maintain, and I checked randomly a
> couple of other mirrors - the same). If I read numbers correctly, we all
> are one minor (very minor ;-) number behind RHEL.

The RHN Errata that addresses this issue, RHSA-2015:0092-01, was sent
just this morning and not even all the RHN repos makes the update
available yet.

I don't think it's unreasonable to give the CentOS people a few hours
to catch up ;-)

-Thomas