[CentOS] Regarding CVE-2015-1781 vulnerability in Glibc

Fri Jun 5 09:16:31 UTC 2015
Eero Volotinen <eero.volotinen at iki.fi>

Many other security issues affect *unpatched* Centos 5.5 version. Some of
very critical too ..

--
Eero

2015-06-05 11:58 GMT+03:00 John Tall <mjtallx at gmail.com>:

> On Fri, Jun 5, 2015 at 10:48 AM, Venkateswara Rao Dokku
> <dvrao.584 at gmail.com> wrote:
> > Thanks for the reply.
> >
> > Where can we get the info regarding whether its fixed in CentOS 5 or not?
> >
> > I did rpm -q --changelog <glibc> | grep <CVE>
> >
> > but I dont find any info on this.
> >
> > This might means 3 things.
> > 1. The version is not affected so no fix
> > 2. The version is affected, still no fix
> > 3. Fix applied, but not shown in o/p
> >
> > Thanks
>
> We don't know. Red Hat has only mentioned RHEL 6. When vulnerabilities
> are found in CentOS 5 which they consider not be important enough to
> fix they usually mention that in the errata.
>
> According to upstream the bug was introduced in glibc 2.6 so if CentOS
> 5 has 2.5 then it might be just enough too old.
> https://sourceware.org/bugzilla/show_bug.cgi?id=18287
>
> Not affected so no fix sounds most plausible.
>
> John
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>