[CentOS] New glibc for CentOS-6 and CentOS-7 and CVE-2015-7547

Johnny Hughes

johnny at centos.org
Wed Feb 17 13:01:39 UTC 2016 

I normally just let the daily announce post to this list show what is
available for updates, but there is a CVE (CVE-2015-7547) that needs a
bit more attention which will be on today's announce list of updates.

We released a new glibc yesterday for CentOS-6 and CentOS-7 .. it is
VERY important that all users update to these versions:  This update is
rated as Critical by Red Hat, meaning that it is remotely exploitable
under some circumstances.  Make sure this update works in your
environments and update as soon as you can.

CentOS-7:
https://lists.centos.org/pipermail/centos-announce/2016-February/021672.html

https://rhn.redhat.com/errata/RHSA-2016-0176.html

CentOS-6:
https://lists.centos.org/pipermail/centos-announce/2016-February/021668.html

https://rhn.redhat.com/errata/RHSA-2016-0175.html

These mitigate CVE-2015-7547:
https://access.redhat.com/security/cve/CVE-2015-7547

https://bugzilla.redhat.com/show_bug.cgi?id=1293532

Can't stress how important this update is .. here are a couple stories:

http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/

http://www.theregister.co.uk/2016/02/16/glibc_linux_dns_vulernability/

Please note that the ONLY way this is tested to work is with ALL updates
from CentOS-6 or CentOS-7 applied along with the glibc updates.  So a
yum update with base and updates repo enabled is the ONLY tested
scenario.  Did I say *ONLY* enough?

Thanks,
Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20160217/b9a18952/attachment.sig>

More information about the CentOS mailing list