[CentOS] CVE-2015-0235 - glibc gethostbyname

Tue Jan 27 19:58:18 UTC 2015
Peter Lawler <centos at bleeter.id.au>

On 28/01/15 04:47, Always Learning wrote:
> 
> Saw this on the Exim List:-
> 
<SNIP>
> 
> I use Exim on C5 and C6 - should I be worried about Exim on C6 ?
> 

upstream references:
https://rhn.redhat.com/errata/RHSA-2015-0092.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235

Note that in the openwall.com URL you provided
(http://www.openwall.com/lists/oss-security/2015/01/27/9 ) there is a
simple program (in section 4 - Case Studies) to test whether a given
machine's vulnerable.

I dunno what the EOL for C5 patches are, as I don't run it. But reading
http://wiki.centos.org/HowTos/EOL it'd seem that there may be a patch
for it at some stage, despite upstream not referencing their 5th edition
in their notes.

Cheers,

Pete.