Regarding CVE-2015-1781 Vulnerability In Glibc
Hi All,
I am using CentOS 5.5 with gcc version 2.5.123.el5.
I just wanted to check whether the CVE-2015-1781 is fixed in the current version?
How can I do that?
Right now I dont have access to that machine, so I wanted to check whether its fixed online ( not via shell)?
Thanks for the help.
7 thoughts on - Regarding CVE-2015-1781 Vulnerability In Glibc
Are you really on 5.5? You should consider updating to 5.11.
https://access.redhat.com/security/cve/CVE-2015-1781
I don’t know if CentOS has CVE information online. It’s fixed in RHEL
6 so CentOS 6 should have it too. No word on whether RHEL 5/CentOS 5
is affected or not.
John
Thanks for the reply.
Where can we get the info regarding whether its fixed in CentOS 5 or not?
I did rpm -q –changelog | grep
but I dont find any info on this.
This might means 3 things.
1. The version is not affected so no fix
2. The version is affected, still no fix
3. Fix applied, but not shown in o/p
Thanks
Latest version of CentOS is 5.11, so you needs to update latest minor version to get patches ..
We don’t know. Red Hat has only mentioned RHEL 6. When vulnerabilities are found in CentOS 5 which they consider not be important enough to fix they usually mention that in the errata.
According to upstream the bug was introduced in glibc 2.6 so if CentOS
5 has 2.5 then it might be just enough too old. https://sourceware.org/bugzilla/show_bug.cgi?id287
Not affected so no fix sounds most plausible.
John
Unless there’s more information the best way to find out would be to download the SRPM and check the source code.
Many other security issues affect *unpatched* CentOS 5.5 version. Some of very critical too ..
This is VERY true !