[CentOS] CVE-2014-4043 posix_spawn_file_actions_addopen

Tue May 26 16:28:57 UTC 2015
Johnny Hughes <johnny at centos.org>

On 05/26/2015 10:59 AM, Patrick Rael wrote:
> Hi,
>       Is there an ETA on when CVE-2014-4043 for glibc will be fixed in
> centos.
> I see the upstream vendor version glibc-2.20 has this fix supposedly, but
> I don't see this specific fix in the centos glibc changelogs.   I've
> compiled the
> test code for this bug and as of glibc-2.17.77 the test reports the bug
> is present.
> Preferably we'd like this fix on centos6.6 as we can't move to 7.0 yet.
> 
> Thanks,
> -->Pat

This issue is not being addressed by Red Hat in their source code .. it
will therefore not be addressed in CentOS either, unless Red Hat changes
their mind.  We just rebuild Red Hat released source code for RHEL, we
do not add security or technical things to that source code.

https://access.redhat.com/security/cve/CVE-2014-4043

and

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4043

Thanks,
Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20150526/5c0a04d2/attachment-0005.sig>