On Tue, Nov 24, 2015 at 10:41:42PM -0600, Frank Cox wrote: > On Wed, 25 Nov 2015 09:51:58 +0530 > Venkateswara Rao Dokku wrote: > > > In the link it is mentioned that, the CVE will not be fixed in Red-Hat 5 > > version. What does that mean? I mean, whether the RedHat 5 is vulnerable & > > fix is not available or RedHat 5 is not vulnerable, hence the fix is not > > given? > > Read what it says a little higher on that webpage, under the Statement heading: > > Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. > Also, it's worth mentioning that there's no such thing as CentOS 5.5 -- if you're running that, there are a large number of critical security fixes which are not present. If you pay for RHEL 5.5, then you'll have something much safer. With CentOS, you must stay with the tip to be reasonably secure. This is explained, somewhat confusingly, in https://wiki.centos.org/FAQ/General#head-dcca41e9a3d5ac4c6d900a991990fd11930867d6 -- greg