[CentOS] CVE-2015-0235 - glibc gethostbyname

Wed Jan 28 23:09:21 UTC 2015
David C. Miller <millerdc at fusion.gat.com>


----- Original Message -----
> From: "Simon Banton" <centos at web.org.uk>
> To: "CentOS mailing list" <centos at centos.org>
> Sent: Wednesday, January 28, 2015 6:10:34 AM
> Subject: Re: [CentOS] CVE-2015-0235 - glibc gethostbyname
> 
> Hi,
> 
> For reasons which are too tiresome to bore you all with, I have an
> obligation to look after a suite of legacy CentOS 4.x systems which
> cannot be migrated upwards.
> 
> I note on https://access.redhat.com/articles/1332213 the following
> comment from a RHN person:
> 
> >We are currently working on and testing errata for RHEL 4, we will
> >post an update for it as soon as it's ready. Thank you for your
> >patience!
> 
> Is there *any* prospect of updated glibc packages for CentOS 4.x
> being made available?
> 
> Cheers
> S.

Although I hate Oracle with a fury, one good thing is that they put all the updates they rebuild for their RHEL clone in a publicly viewable site. I'm guessing they pay Redhat for extended support on end of life RHEL4 to get access to the source rpms. I learned about this from another list member back when the bash shell shock exploit hit. 

http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/

David Miller.