----- Original Message ----- > From: "Simon Banton" <centos at web.org.uk> > To: "CentOS mailing list" <centos at centos.org> > Sent: Wednesday, January 28, 2015 6:10:34 AM > Subject: Re: [CentOS] CVE-2015-0235 - glibc gethostbyname > > Hi, > > For reasons which are too tiresome to bore you all with, I have an > obligation to look after a suite of legacy CentOS 4.x systems which > cannot be migrated upwards. > > I note on https://access.redhat.com/articles/1332213 the following > comment from a RHN person: > > >We are currently working on and testing errata for RHEL 4, we will > >post an update for it as soon as it's ready. Thank you for your > >patience! > > Is there *any* prospect of updated glibc packages for CentOS 4.x > being made available? > > Cheers > S. Although I hate Oracle with a fury, one good thing is that they put all the updates they rebuild for their RHEL clone in a publicly viewable site. I'm guessing they pay Redhat for extended support on end of life RHEL4 to get access to the source rpms. I learned about this from another list member back when the bash shell shock exploit hit. http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/ David Miller.