[CentOS] Regarding CVE-2015-1781 vulnerability in Glibc

Fri Jun 5 08:58:39 UTC 2015
John Tall <mjtallx at gmail.com>

On Fri, Jun 5, 2015 at 10:48 AM, Venkateswara Rao Dokku
<dvrao.584 at gmail.com> wrote:
> Thanks for the reply.
>
> Where can we get the info regarding whether it's fixed in CentOS 5 or not?
>
> I did rpm -q --changelog <glibc> | grep <CVE>
>
> but I don't find any info on this.
>
> This might mean 3 things.
> 1. The version is not affected so no fix
> 2. The version is affected, still no fix
> 3. Fix applied, but not shown in o/p
>
> Thanks

We don't know. Red Hat has only mentioned RHEL 6. When vulnerabilities
are found in CentOS 5 which they consider not to be important enough to
fix they usually mention that in the errata.

According to upstream the bug was introduced in glibc 2.6 so if CentOS
5 has 2.5 then it might be just enough too old.
https://sourceware.org/bugzilla/show_bug.cgi?id=18287

Not affected so no fix sounds most plausible.

John
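
The check discussed in this thread, as an added example that is not part of the original messages: it combines the changelog grep with the "introduced in glibc 2.6" threshold stated above to separate the three outcomes the question lists. The function names, result labels and sample changelog text are constructed for illustration, and `predates-bug` is only a heuristic, since a distribution can backport code into an older base version.

```shell
#!/bin/sh
# Added example: classify glibc status for one CVE from the package
# changelog text and the upstream base version.

CVE="CVE-2015-1781"
INTRODUCED_IN="2.6"   # threshold as stated in the message above

# Constructed sample changelog text (not real package data).
SAMPLE_FIXED="* Mon Jan 01 2015 Example Packager <packager@example.com> - X.Y-Z
- Fix CVE-2015-1781 (constructed entry)"
SAMPLE_NO_MENTION="* Mon Jan 01 2015 Example Packager <packager@example.com> - X.Y-Z
- Unrelated change (constructed entry)"

# version_lt A B: true when A sorts strictly before B (GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# classify VERSION CHANGELOG_TEXT
# Prints: fixed         the CVE id appears in the changelog
#         predates-bug  no mention, base version older than INTRODUCED_IN
#         unknown       no mention, version in the affected range; check errata
classify() {
    version=$1
    changelog=$2
    if printf '%s\n' "$changelog" | grep -qF -- "$CVE"; then
        echo "fixed"
    elif version_lt "$version" "$INTRODUCED_IN"; then
        echo "predates-bug"
    else
        echo "unknown"
    fi
}

# check_host: the same classification against the live RPM database.
# head -n 1 handles multi-arch hosts where glibc is installed twice.
check_host() {
    version=$(rpm -q --queryformat '%{VERSION}\n' glibc | head -n 1) || return 2
    changelog=$(rpm -q --changelog glibc)
    classify "$version" "$changelog"
}
```

On an RPM-based host, source the file and run `check_host`; an `unknown` result means the vendor errata still has to be consulted.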