On Wed, January 28, 2015 5:09 pm, David C. Miller wrote: > > > ----- Original Message ----- >> From: "Simon Banton" <centos at web.org.uk> >> To: "CentOS mailing list" <centos at centos.org> >> Sent: Wednesday, January 28, 2015 6:10:34 AM >> Subject: Re: [CentOS] CVE-2015-0235 - glibc gethostbyname >> >> Hi, >> >> For reasons which are too tiresome to bore you all with, I have an >> obligation to look after a suite of legacy CentOS 4.x systems which >> cannot be migrated upwards. >> >> I note on https://access.redhat.com/articles/1332213 the following >> comment from a RHN person: >> >> >We are currently working on and testing errata for RHEL 4, we will >> >post an update for it as soon as it's ready. Thank you for your >> >patience! >> >> Is there *any* prospect of updated glibc packages for CentOS 4.x >> being made available? >> >> Cheers >> S. > > Although I hate Oracle with a fury, one good thing is that they put all > the updates they rebuild for their RHEL clone in a publicly viewable site. The just follow what is written in GPL license. And so does RedHat (and I respect RedHat for always meticulously obeying the requiremetns of GPL - at least that is my observation for about one a a half decades) Valeri > I'm guessing they pay Redhat for extended support on end of life RHEL4 to > get access to the source rpms. I learned about this from another list > member back when the bash shell shock exploit hit. > > http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/ > > David Miller. > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++