[CentOS] New glibc for CentOS-6 and CentOS-7 and CVE-2015-7547

Michael H michael at wemoto.com
Wed Feb 17 13:08:33 UTC 2016


On 17/02/16 13:01, Johnny Hughes wrote:
> I normally just let the daily announce post to this list show what
> is available for updates, but there is a CVE (CVE-2015-7547) that
> needs a bit more attention which will be on today's announce list
> of updates.
> 
> We released a new glibc yesterday for CentOS-6 and CentOS-7 .. it
> is VERY important that all users update to these versions:  This
> update is rated as Critical by Red Hat, meaning that it is remotely
> exploitable under some circumstances.  Make sure this update works
> in your environments and update as soon as you can.
> 
> CentOS-7:
> https://lists.centos.org/pipermail/centos-announce/2016-February/021672.html
> https://rhn.redhat.com/errata/RHSA-2016-0176.html
> 
> CentOS-6:
> https://lists.centos.org/pipermail/centos-announce/2016-February/021668.html
> https://rhn.redhat.com/errata/RHSA-2016-0175.html
> 
> These mitigate CVE-2015-7547: 
> https://access.redhat.com/security/cve/CVE-2015-7547
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1293532
> 
> Can't stress how important this update is .. here are a couple
> stories:
> 
> http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/
> http://www.theregister.co.uk/2016/02/16/glibc_linux_dns_vulernability/
>
> Please note that the ONLY way this is tested to work is with ALL
> updates from CentOS-6 or CentOS-7 applied along with the glibc
> updates.  So a yum update with base and updates repo enabled is the
> ONLY tested scenario.  Did I say *ONLY* enough?
> 
> Thanks, Johnny Hughes

Hi Johnny,

Thank you as always. Should I be rebooting servers to ensure that all
services are using the new glibc?

Sorry for the rookie question, just need some clarification.

Thanks

Michael
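
An added example, not part of the original thread: one way to see which running processes still map the glibc files that the update replaced on disk. It assumes that a process started before the update keeps the old library mapped and that Linux lists such a file with a " (deleted)" suffix in /proc/<pid>/maps; the function names, the library-name pattern and the sample lines are constructed for illustration.

```python
import glob
import re

# glibc components as named on CentOS 6/7, e.g. /lib64/libc-2.12.so or
# /usr/lib64/libc-2.17.so (assumed naming pattern, not taken from the thread).
GLIBC_RE = re.compile(r"/(?:libc|ld|libresolv|libnss_dns)-[\d.]+\.so$")
DELETED = " (deleted)"


def stale_glibc_paths(maps_text):
    """Return glibc files a process still maps although they were replaced on disk."""
    stale = set()
    for line in maps_text.splitlines():
        # Line format: address perms offset dev inode pathname
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping without a pathname
        path = fields[5]
        if path.endswith(DELETED) and GLIBC_RE.search(path[:-len(DELETED)]):
            stale.add(path[:-len(DELETED)])
    return sorted(stale)


def scan_proc(proc_root="/proc"):
    """Map PID -> stale glibc files for every process whose maps file is readable."""
    result = {}
    for maps_file in glob.glob("%s/[0-9]*/maps" % proc_root):
        try:
            with open(maps_file) as fh:
                found = stale_glibc_paths(fh.read())
        except (IOError, OSError):
            continue  # process exited, or not readable without root
        if found:
            result[int(maps_file.split("/")[-2])] = found
    return result


# Constructed sample: a daemon started before the update (not real output).
SAMPLE_MAPS = """\
00400000-004f0000 r-xp 00000000 fd:00 131090 /usr/sbin/sshd
7f1c2a000000-7f1c2a1b7000 r-xp 00000000 fd:00 262201 /usr/lib64/libc-2.17.so (deleted)
7f1c2a5c0000-7f1c2a5d6000 r-xp 00000000 fd:00 262215 /usr/lib64/libresolv-2.17.so (deleted)
7f1c2a9e0000-7f1c2aa01000 r-xp 00000000 fd:00 262190 /usr/lib64/ld-2.17.so (deleted)
7f1c2ac00000-7f1c2ac21000 rw-p 00000000 00:00 0
7ffd3c1e0000-7ffd3c201000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for pid, libs in sorted(scan_proc().items()):
        print("%d: %s" % (pid, ", ".join(libs)))
```

Run as root so that every process's maps file is readable; a PID listed in the output belongs to a process that was started before the glibc files were replaced.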
