[CentOS] CVE-2015-0235 - glibc gethostbyname

Wed Jan 28 23:38:53 UTC 2015
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Wed, January 28, 2015 5:09 pm, David C. Miller wrote:
> ----- Original Message -----
>> From: "Simon Banton" <centos at web.org.uk>
>> To: "CentOS mailing list" <centos at centos.org>
>> Sent: Wednesday, January 28, 2015 6:10:34 AM
>> Subject: Re: [CentOS] CVE-2015-0235 - glibc gethostbyname
>> Hi,
>> For reasons which are too tiresome to bore you all with, I have an
>> obligation to look after a suite of legacy CentOS 4.x systems which
>> cannot be migrated upwards.
>> I note on https://access.redhat.com/articles/1332213 the following
>> comment from a RHN person:
>> >We are currently working on and testing errata for RHEL 4, we will
>> >post an update for it as soon as it's ready. Thank you for your
>> >patience!
>> Is there *any* prospect of updated glibc packages for CentOS 4.x
>> being made available?
>> Cheers
>> S.
> Although I hate Oracle with a fury, one good thing is that they put all
> the updates they rebuild for their RHEL clone in a publicly viewable site.

The just follow what is written in GPL license. And so does RedHat (and I
respect RedHat for always meticulously obeying the requiremetns of GPL -
at least that is my observation for about one a a half decades)


> I'm guessing they pay Redhat for extended support on end of life RHEL4 to
> get access to the source rpms. I learned about this from another list
> member back when the bash shell shock exploit hit.
> http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/
> David Miller.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247