[CentOS] Regarding CVE-2015-1781 vulnerability in Glibc

Fri Jun 5 18:48:13 UTC 2015
Johnny Hughes <johnny at centos.org>

On 06/05/2015 04:16 AM, Eero Volotinen wrote:
> Many other security issues affect *unpatched* Centos 5.5 version. Some of
> very critical too ..
> 
> --
> Eero


This is VERY true !

> 
> 2015-06-05 11:58 GMT+03:00 John Tall <mjtallx at gmail.com>:
> 
>> On Fri, Jun 5, 2015 at 10:48 AM, Venkateswara Rao Dokku
>> <dvrao.584 at gmail.com> wrote:
>>> Thanks for the reply.
>>>
>>> Where can we get the info regarding whether its fixed in CentOS 5 or not?
>>>
>>> I did rpm -q --changelog <glibc> | grep <CVE>
>>>
>>> but I dont find any info on this.
>>>
>>> This might means 3 things.
>>> 1. The version is not affected so no fix
>>> 2. The version is affected, still no fix
>>> 3. Fix applied, but not shown in o/p
>>>
>>> Thanks
>>
>> We don't know. Red Hat has only mentioned RHEL 6. When vulnerabilities
>> are found in CentOS 5 which they consider not be important enough to
>> fix they usually mention that in the errata.
>>
>> According to upstream the bug was introduced in glibc 2.6 so if CentOS
>> 5 has 2.5 then it might be just enough too old.
>> https://sourceware.org/bugzilla/show_bug.cgi?id=18287
>>
>> Not affected so no fix sounds most plausible.
>>
>> John


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20150605/92fe1892/attachment-0005.sig>