On Fri, Jun 5, 2015 at 10:48 AM, Venkateswara Rao Dokku <dvrao.584 at gmail.com> wrote: > Thanks for the reply. > > Where can we get the info regarding whether its fixed in CentOS 5 or not? > > I did rpm -q --changelog <glibc> | grep <CVE> > > but I dont find any info on this. > > This might means 3 things. > 1. The version is not affected so no fix > 2. The version is affected, still no fix > 3. Fix applied, but not shown in o/p > > Thanks We don't know. Red Hat has only mentioned RHEL 6. When vulnerabilities are found in CentOS 5 which they consider not be important enough to fix they usually mention that in the errata. According to upstream the bug was introduced in glibc 2.6 so if CentOS 5 has 2.5 then it might be just enough too old. https://sourceware.org/bugzilla/show_bug.cgi?id=18287 Not affected so no fix sounds most plausible. John