CVE-2014-4043 Posix_spawn_file_actions_addopen
Hi,
Is there an ETA on when CVE-2014-4043 for glibc will be fixed in CentOS. I see the upstream vendor version glibc-2.20 has this fix supposedly, but I don’t see this specific fix in the CentOS glibc changelogs. I’ve compiled the test code for this bug and as of glibc-2.17.77 the test reports the bug is present. Preferably we’d like this fix on CentOS6.6 as we can’t move to 7.0 yet.
Thanks,
–>Pat
One thought on - CVE-2014-4043 Posix_spawn_file_actions_addopen
This issue is not being addressed by Red Hat in their source code .. it will therefore not be addressed in CentOS either, unless Red Hat changes their mind. We just rebuild Red Hat released source code for RHEL, we do not add security or technical things to that source code.
https://access.redhat.com/security/cve/CVE-2014-4043
and
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4043
Thanks, Johnny Hughes