[CentOS] Glibc vulnerbality CVE-2015-1781

Thu Nov 26 00:03:48 UTC 2015
Greg Lindahl <lindahl at pbm.com>

On Tue, Nov 24, 2015 at 10:41:42PM -0600, Frank Cox wrote:
> On Wed, 25 Nov 2015 09:51:58 +0530
> Venkateswara Rao Dokku wrote:
> 
> > In the link it is mentioned that, the CVE will not be fixed in Red-Hat 5
> > version. What does that mean? I mean, whether the RedHat 5 is vulnerable &
> > fix is not available or RedHat 5 is not vulnerable, hence the fix is not
> > given?
> 
> Read what it says a little higher on that webpage, under the Statement heading:
> 
> Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
> 

Also, it's worth mentioning that there's no such thing as CentOS 5.5
-- if you're running that, there are a large number of critical
security fixes which are not present. If you pay for RHEL 5.5, then
you'll have something much safer. With CentOS, you must stay with the
tip to be reasonably secure.

This is explained, somewhat confusingly, in
https://wiki.centos.org/FAQ/General#head-dcca41e9a3d5ac4c6d900a991990fd11930867d6

-- greg