Patrick Rael
2015-May-26 15:59 UTC
[CentOS] CVE-2014-4043 posix_spawn_file_actions_addopen
Hi,

Is there an ETA on when CVE-2014-4043 for glibc will be fixed in CentOS? I see the upstream vendor version glibc-2.20 has this fix supposedly, but I don't see this specific fix in the CentOS glibc changelogs. I've compiled the test code for this bug and as of glibc-2.17.77 the test reports the bug is present. Preferably we'd like this fix on CentOS 6.6 as we can't move to 7.0 yet.

Thanks,
-->Pat

Johnny Hughes
2015-May-26 16:28 UTC
[CentOS] CVE-2014-4043 posix_spawn_file_actions_addopen
On 05/26/2015 10:59 AM, Patrick Rael wrote:
> Hi,
> Is there an ETA on when CVE-2014-4043 for glibc will be fixed in CentOS?
> I see the upstream vendor version glibc-2.20 has this fix supposedly, but
> I don't see this specific fix in the CentOS glibc changelogs. I've compiled
> the test code for this bug and as of glibc-2.17.77 the test reports the bug
> is present.
> Preferably we'd like this fix on CentOS 6.6 as we can't move to 7.0 yet.
>
> Thanks,
> -->Pat

This issue is not being addressed by Red Hat in their source code .. it will therefore not be addressed in CentOS either, unless Red Hat changes their mind.

We just rebuild Red Hat released source code for RHEL, we do not add security or technical things to that source code.

https://access.redhat.com/security/cve/CVE-2014-4043

and

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4043

Thanks,
Johnny Hughes