Regarding CVE-2015-1781 Vulnerability In Glibc

Home » CentOS » Regarding CVE-2015-1781 Vulnerability In Glibc
CentOS 7 Comments

Hi All,

I am using CentOS 5.5 with gcc version 2.5.123.el5.

I just wanted to check whether the CVE-2015-1781 is fixed in the current version?

How can I do that?

Right now I dont have access to that machine, so I wanted to check whether its fixed online ( not via shell)?

Thanks for the help.

7 thoughts on - Regarding CVE-2015-1781 Vulnerability In Glibc

  • Thanks for the reply.

    Where can we get the info regarding whether its fixed in CentOS 5 or not?

    I did rpm -q –changelog | grep

    but I dont find any info on this.

    This might means 3 things.
    1. The version is not affected so no fix
    2. The version is affected, still no fix
    3. Fix applied, but not shown in o/p

    Thanks

  • Latest version of CentOS is 5.11, so you needs to update latest minor version to get patches ..

  • We don’t know. Red Hat has only mentioned RHEL 6. When vulnerabilities are found in CentOS 5 which they consider not be important enough to fix they usually mention that in the errata.

    According to upstream the bug was introduced in glibc 2.6 so if CentOS
    5 has 2.5 then it might be just enough too old. https://sourceware.org/bugzilla/show_bug.cgi?id287

    Not affected so no fix sounds most plausible.

    John

  • Unless there’s more information the best way to find out would be to download the SRPM and check the source code.

  • Many other security issues affect *unpatched* CentOS 5.5 version. Some of very critical too ..