On Tue, January 27, 2015 2:35 pm, Thomas Eriksson wrote:> On 01/27/2015 12:22 PM, Valeri Galtsev wrote: >> >> On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote: >>> On 28/01/15 04:47, Always Learning wrote: >>>> >>>> Saw this on the Exim List:- >>>> >>> <SNIP> >>>> >>>> I use Exim on C5 and C6 - should I be worried about Exim on C6 ? >>>> >>> >>> upstream references: >>> https://rhn.redhat.com/errata/RHSA-2015-0092.html >> >> When I read this I read that it is fixed in >> glibc-2.12-1.149.el6_6.5.src.rpm (RHEL 6), on my CentOS 6 I have >> according >> to " rpm -qi glibc": glibc-2.12-1.149.el6_6.4.src.rpm (which resembles >> what is latest on public mirror I maintain, and I checked randomly a >> couple of other mirrors - the same). If I read numbers correctly, we all >> are one minor (very minor ;-) number behind RHEL. > > The RHN Errata that addresses this issue, RHSA-2015:0092-01, was sent > just this morning and not even all the RHN repos makes the update > available yet. > > I don't think it's unreasonable to give the CentOS people a few hours > to catch up ;-) >Certainly, yes! I did manage to read numbers in package names, but I apparently failed to read dates: I had an impression that ....6.5... is from beginning of January ;-) My apologies! Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Hi, For reasons which are too tiresome to bore you all with, I have an obligation to look after a suite of legacy CentOS 4.x systems which cannot be migrated upwards. I note on https://access.redhat.com/articles/1332213 the following comment from a RHN person:>We are currently working on and testing errata for RHEL 4, we will >post an update for it as soon as it's ready. Thank you for your >patience!Is there *any* prospect of updated glibc packages for CentOS 4.x being made available? Cheers S.
----- Original Message -----> From: "Simon Banton" <centos at web.org.uk> > To: "CentOS mailing list" <centos at centos.org> > Sent: Wednesday, January 28, 2015 6:10:34 AM > Subject: Re: [CentOS] CVE-2015-0235 - glibc gethostbyname > > Hi, > > For reasons which are too tiresome to bore you all with, I have an > obligation to look after a suite of legacy CentOS 4.x systems which > cannot be migrated upwards. > > I note on https://access.redhat.com/articles/1332213 the following > comment from a RHN person: > > >We are currently working on and testing errata for RHEL 4, we will > >post an update for it as soon as it's ready. Thank you for your > >patience! > > Is there *any* prospect of updated glibc packages for CentOS 4.x > being made available? > > Cheers > S.Although I hate Oracle with a fury, one good thing is that they put all the updates they rebuild for their RHEL clone in a publicly viewable site. I'm guessing they pay Redhat for extended support on end of life RHEL4 to get access to the source rpms. I learned about this from another list member back when the bash shell shock exploit hit. http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/ David Miller.