On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote:
> On 28/01/15 04:47, Always Learning wrote:
>>
>> Saw this on the Exim List:-
>>
> <SNIP>
>>
>> I use Exim on C5 and C6 - should I be worried about Exim on C6 ?
>>
>
> upstream references:
> https://rhn.redhat.com/errata/RHSA-2015-0092.html

When I read this I read that it is fixed in
glibc-2.12-1.149.el6_6.5.src.rpm (RHEL 6), on my CentOS 6 I have according
to " rpm -qi glibc": glibc-2.12-1.149.el6_6.4.src.rpm (which resembles
what is latest on public mirror I maintain, and I checked randomly a
couple of other mirrors - the same). If I read numbers correctly, we all
are one minor (very minor ;-) number behind RHEL.

> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
>
> Note that in the openwall.com URL you provided
> (http://www.openwall.com/lists/oss-security/2015/01/27/9 ) there is a
> simple program (in section 4 - Case Studies) to test whether a given
> machine's vulnerable.

And when I check the machine with
glibc-2.12-1.149.el6_6.4.x86_64
(fully updated CentOS 6) indeed the program from section 4 of openwall
page above says "vulnerable".

Am I the only one (read: an idiot ;-) or others have the same?

Thanks Peter!

Valeri

>
> I dunno what the EOL for C5 patches are, as I don't run it. But reading
> http://wiki.centos.org/HowTos/EOL it'd seem that there may be a patch
> for it at some stage, despite upstream not referencing their 5th edition
> in their notes.
>
> Cheers,
>
> Pete.
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

Packages are being built for CentOS 5, 6 & 7 at the moment:
https://twitter.com/CentOS/status/560128242682966017 &
https://twitter.com/CentOS/status/560138182441070592

On 27 January 2015 at 20:22, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
>
> On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote:
> > On 28/01/15 04:47, Always Learning wrote:
> >>
> >> Saw this on the Exim List:-
> >>
> > <SNIP>
> >>
> >> I use Exim on C5 and C6 - should I be worried about Exim on C6 ?
> >>
> >
> > upstream references:
> > https://rhn.redhat.com/errata/RHSA-2015-0092.html
>
> When I read this I read that it is fixed in
> glibc-2.12-1.149.el6_6.5.src.rpm (RHEL 6), on my CentOS 6 I have according
> to " rpm -qi glibc": glibc-2.12-1.149.el6_6.4.src.rpm (which resembles
> what is latest on public mirror I maintain, and I checked randomly a
> couple of other mirrors - the same). If I read numbers correctly, we all
> are one minor (very minor ;-) number behind RHEL.
>
> > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
> >
> > Note that in the openwall.com URL you provided
> > (http://www.openwall.com/lists/oss-security/2015/01/27/9 ) there is a
> > simple program (in section 4 - Case Studies) to test whether a given
> > machine's vulnerable.
>
> And when I check the machine with
> glibc-2.12-1.149.el6_6.4.x86_64
> (fully updated CentOS 6) indeed the program from section 4 of openwall
> page above says "vulnerable".
>
> Am I the only one (read: an idiot ;-) or others have the same?
>
> Thanks Peter!
>
> Valeri
>
> >
> > I dunno what the EOL for C5 patches are, as I don't run it. But reading
> > http://wiki.centos.org/HowTos/EOL it'd seem that there may be a patch
> > for it at some stage, despite upstream not referencing their 5th edition
> > in their notes.
> >
> > Cheers,
> >
> > Pete.

On 01/27/2015 12:22 PM, Valeri Galtsev wrote:
>
> On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote:
>> On 28/01/15 04:47, Always Learning wrote:
>>>
>>> Saw this on the Exim List:-
>>>
>> <SNIP>
>>>
>>> I use Exim on C5 and C6 - should I be worried about Exim on C6 ?
>>>
>>
>> upstream references:
>> https://rhn.redhat.com/errata/RHSA-2015-0092.html
>
> When I read this I read that it is fixed in
> glibc-2.12-1.149.el6_6.5.src.rpm (RHEL 6), on my CentOS 6 I have according
> to " rpm -qi glibc": glibc-2.12-1.149.el6_6.4.src.rpm (which resembles
> what is latest on public mirror I maintain, and I checked randomly a
> couple of other mirrors - the same). If I read numbers correctly, we all
> are one minor (very minor ;-) number behind RHEL.

The RHN Errata that addresses this issue, RHSA-2015:0092-01, was sent
just this morning and not even all the RHN repos make the update
available yet.

I don't think it's unreasonable to give the CentOS people a few hours
to catch up ;-)

-Thomas

On 28/01/15 07:30, Cian Mc Govern wrote:
> Packages are being built for CentOS 5, 6 & 7 at the moment:
> https://twitter.com/CentOS/status/560128242682966017 &
> https://twitter.com/CentOS/status/560138182441070592

Thanks Cian :)

Pete.

On Tue, January 27, 2015 2:35 pm, Thomas Eriksson wrote:
> On 01/27/2015 12:22 PM, Valeri Galtsev wrote:
>>
>> On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote:
>>> On 28/01/15 04:47, Always Learning wrote:
>>>>
>>>> Saw this on the Exim List:-
>>>>
>>> <SNIP>
>>>>
>>>> I use Exim on C5 and C6 - should I be worried about Exim on C6 ?
>>>>
>>>
>>> upstream references:
>>> https://rhn.redhat.com/errata/RHSA-2015-0092.html
>>
>> When I read this I read that it is fixed in
>> glibc-2.12-1.149.el6_6.5.src.rpm (RHEL 6), on my CentOS 6 I have according
>> to " rpm -qi glibc": glibc-2.12-1.149.el6_6.4.src.rpm (which resembles
>> what is latest on public mirror I maintain, and I checked randomly a
>> couple of other mirrors - the same). If I read numbers correctly, we all
>> are one minor (very minor ;-) number behind RHEL.
>
> The RHN Errata that addresses this issue, RHSA-2015:0092-01, was sent
> just this morning and not even all the RHN repos make the update
> available yet.
>
> I don't think it's unreasonable to give the CentOS people a few hours
> to catch up ;-)
>

Certainly, yes! I did manage to read numbers in package names, but I
apparently failed to read dates: I had an impression that ....6.5... is
from beginning of January ;-)

My apologies!

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
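
Added example, not part of any message in this thread: the "reading numbers in package names" check from the messages above, done in code for the two el6 glibc builds quoted there. The comparison is a simplified form of RPM's version ordering (no epoch, tilde or caret handling), and the function names are made up for this illustration.

```python
import re

# Build strings quoted in the thread (el6 glibc only).
FIXED_EL6 = "glibc-2.12-1.149.el6_6.5.src.rpm"     # named for RHSA-2015:0092
INSTALLED_EL6 = "glibc-2.12-1.149.el6_6.4.x86_64"  # reported on the CentOS 6 host

_ARCH = re.compile(r"\.(src|noarch|x86_64|i[3-6]86)$")
_SEG = re.compile(r"\d+|[A-Za-z]+")


def split_nvr(pkg):
    """Return (name, version, release) from name-version-release[.arch][.rpm]."""
    pkg = re.sub(r"\.rpm$", "", pkg)
    pkg = _ARCH.sub("", pkg)
    name, version, release = pkg.rsplit("-", 2)
    return name, version, release


def rpmvercmp(a, b):
    """Simplified RPM ordering of two version or release strings: -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)             # compare as numbers, so 10 > 9
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def has_fix(installed, fixed):
    """True if `installed` is at or above `fixed` (same package, same distro branch)."""
    iname, iver, irel = split_nvr(installed)
    fname, fver, frel = split_nvr(fixed)
    if iname != fname:
        raise ValueError("cannot compare different packages")
    return (rpmvercmp(iver, fver) or rpmvercmp(irel, frel)) >= 0


if __name__ == "__main__":
    state = "has the fix" if has_fix(INSTALLED_EL6, FIXED_EL6) else "is older than the fixed build"
    print(INSTALLED_EL6, state)
```

The package version only shows what is installed on disk; processes started before the update keep the old glibc mapped until they are restarted.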