[CentOS] CVE-2015-0235 - glibc gethostbyname

Tue Jan 27 20:40:53 UTC 2015
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Tue, January 27, 2015 2:35 pm, Thomas Eriksson wrote:
> On 01/27/2015 12:22 PM, Valeri Galtsev wrote:
>>
>> On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote:
>>> On 28/01/15 04:47, Always Learning wrote:
>>>>
>>>> Saw this on the Exim List:-
>>>>
>>> <SNIP>
>>>>
>>>> I use Exim on C5 and C6 - should I be worried about Exim on C6 ?
>>>>
>>>
>>> upstream references:
>>> https://rhn.redhat.com/errata/RHSA-2015-0092.html
>>
>> When I read this I read that it is fixed in
>> glibc-2.12-1.149.el6_6.5.src.rpm (RHEL 6), on my CentOS 6 I have
>> according
>> to " rpm -qi glibc": glibc-2.12-1.149.el6_6.4.src.rpm (which resembles
>> what is latest on public mirror I maintain, and I checked randomly a
>> couple of other mirrors - the same). If I read numbers correctly, we all
>> are one minor (very minor ;-) number behind RHEL.
>
> The RHN Errata that addresses this issue, RHSA-2015:0092-01, was sent
> just this morning and not even all the RHN repos makes the update
> available yet.
>
> I don't think it's unreasonable to give the CentOS people a few hours
> to catch up ;-)
>

Certainly, yes! I did manage to read numbers in package names, but I
apparently failed to read dates: I had an impression that ....6.5... is
from beginning of January ;-) My apologies!

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++