[CentOS] Regarding CVE-2015-1781 vulnerability in Glibc

Fri Jun 5 18:48:13 UTC 2015
Johnny Hughes <johnny at centos.org>

On 06/05/2015 04:16 AM, Eero Volotinen wrote:
> Many other security issues affect *unpatched* CentOS 5.5 version. Some of
> them are very critical too ..
> 
> --
> Eero


This is VERY true!

> 
> 2015-06-05 11:58 GMT+03:00 John Tall <mjtallx at gmail.com>:
> 
>> On Fri, Jun 5, 2015 at 10:48 AM, Venkateswara Rao Dokku
>> <dvrao.584 at gmail.com> wrote:
>>> Thanks for the reply.
>>>
>>> Where can we get the info regarding whether it's fixed in CentOS 5 or not?
>>>
>>> I did rpm -q --changelog <glibc> | grep <CVE>
>>>
>>> but I don't find any info on this.
>>>
>>> This might mean 3 things.
>>> 1. The version is not affected so no fix
>>> 2. The version is affected, still no fix
>>> 3. Fix applied, but not shown in o/p
>>>
>>> Thanks
>>
>> We don't know. Red Hat has only mentioned RHEL 6. When vulnerabilities
>> are found in CentOS 5 which they consider not to be important enough to
>> fix they usually mention that in the errata.
>>
>> According to upstream the bug was introduced in glibc 2.6 so if CentOS
>> 5 has 2.5 then it might be just old enough.
>> https://sourceware.org/bugzilla/show_bug.cgi?id=18287
>>
>> Not affected so no fix sounds most plausible.
>>
>> John
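
The triage discussed in this thread, as an added example that is not part of the original messages: it combines the `rpm -q --changelog` check with the upstream introduced-in version (2.6, per the linked bug) to separate the three possible outcomes. The function names and the changelog lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Live use on an RPM-based system:
#   rpm -q --changelog glibc | \
#     cve_triage CVE-2015-1781 "$(rpm -q --qf '%{VERSION}' glibc)" 2.6

# version_lt A B: succeed when dotted numeric version A is older than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# cve_triage CVE INSTALLED_VERSION INTRODUCED_IN   (changelog text on stdin)
cve_triage() {
    if grep -qiF -e "$1"; then
        echo "fixed-in-changelog"   # the package changelog names the CVE
    elif version_lt "$2" "$3"; then
        echo "predates-bug"         # older than the upstream release that introduced it
    else
        echo "unknown"              # affected-and-unfixed or fixed-but-unlisted: check errata
    fi
}

# Constructed changelog samples (not real package history).
sample_changelog_fixed() { cat <<'EOF'
* Thu Jan 01 2015 Example Packager <packager@example.com> - 2.12-0.example
- Fix CVE-2015-1781 (constructed entry)
EOF
}
sample_changelog_silent() { cat <<'EOF'
* Thu Jan 01 2015 Example Packager <packager@example.com> - 2.5-0.example
- Rebuild with updated toolchain (constructed entry)
EOF
}

sample_changelog_fixed  | cve_triage CVE-2015-1781 2.12 2.6
sample_changelog_silent | cve_triage CVE-2015-1781 2.5  2.6
sample_changelog_silent | cve_triage CVE-2015-1781 2.12 2.6
```

A `predates-bug` result is only a hint, since distribution packages can carry backported code; the vendor errata remain the authoritative answer.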

