Venkateswara Rao Dokku
2015-Jun-05 08:26 UTC
[CentOS] Regarding CVE-2015-1781 vulnerability in Glibc
Hi All, I am using CentOS 5.5 with gcc version 2.5.123.el5. I just wanted to check whether the CVE-2015-1781 is fixed in the current version? How can I do that? Right now I dont have access to that machine, so I wanted to check whether its fixed online ( not via shell)? Thanks for the help. -- Thanks & Regards, Venkateswara Rao Dokku.
On Fri, Jun 5, 2015 at 10:26 AM, Venkateswara Rao Dokku <dvrao.584 at gmail.com> wrote:> Hi All, > > I am using CentOS 5.5 with gcc version 2.5.123.el5.Are you really on 5.5? You should consider updating to 5.11.> I just wanted to check whether the CVE-2015-1781 is fixed in the current > version? > > How can I do that? > > > Right now I dont have access to that machine, so I wanted to check whether > its fixed online ( not via shell)?https://access.redhat.com/security/cve/CVE-2015-1781 I don't know if CentOS has CVE information online. It's fixed in RHEL 6 so CentOS 6 should have it too. No word on whether RHEL 5/CentOS 5 is affected or not. John
Venkateswara Rao Dokku
2015-Jun-05 08:48 UTC
[CentOS] Regarding CVE-2015-1781 vulnerability in Glibc
Thanks for the reply. Where can we get the info regarding whether its fixed in CentOS 5 or not? I did rpm -q --changelog <glibc> | grep <CVE> but I dont find any info on this. This might means 3 things. 1. The version is not affected so no fix 2. The version is affected, still no fix 3. Fix applied, but not shown in o/p Thanks On Fri, Jun 5, 2015 at 2:06 PM, John Tall <mjtallx at gmail.com> wrote:> On Fri, Jun 5, 2015 at 10:26 AM, Venkateswara Rao Dokku > <dvrao.584 at gmail.com> wrote: > > Hi All, > > > > I am using CentOS 5.5 with gcc version 2.5.123.el5. > > Are you really on 5.5? You should consider updating to 5.11. > > > I just wanted to check whether the CVE-2015-1781 is fixed in the current > > version? > > > > How can I do that? > > > > > > Right now I dont have access to that machine, so I wanted to check > whether > > its fixed online ( not via shell)? > > https://access.redhat.com/security/cve/CVE-2015-1781 > > I don't know if CentOS has CVE information online. It's fixed in RHEL > 6 so CentOS 6 should have it too. No word on whether RHEL 5/CentOS 5 > is affected or not. > > John >-- Thanks & Regards, Venkateswara Rao Dokku.