This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: glibc 2.5 - patch for GHOST (CVE-2015-0235)

On 04/07/2015 05:58 PM, Swati Kher -X (swkher - TALENT SPACE INC at
Cisco) wrote:
> Sorry - I meant backport for glibc-2.21 for RH7 not 2.5 for RH7 - but similar patch and backport

Hi Swati,

On <https://access.redhat.com/security/cve/CVE-2015-0235>, you can see
that this bug was addressed for Red Hat Enterprise Linux 7 via

  <https://rhn.redhat.com/errata/RHSA-2015-0092.html>

Red Hat Enterprise Linux 7 source RPMs are only available to customers
with a valid subscription.  On such as system, you can execute

  yum-downloader --source glibc-2.17-55.el7_0.5

after enabling the source RPM repositories.  Fixed RPM binary packages
are available through the regular system upgrade mechanism.

Alternatively, the change has also been exported to git.centos.org and
is available here:


<https://git.centos.org/commit/rpms!glibc/7190b6dc10b8b8f54a605fe8288caef526e2effc>

Note that this is a backport to 2.17, not a fix for glibc 2.21.  glibc
2.21 is not currently part of any supported Red Hat product.  The
upcoming community release of Fedora 22 will come with glibc 2.21, though.


If your interest in glibc backports is the result of requests from your
security team, I am willing to talk to them directly and explain them
our (Red Hat's) backport policy and security release process.

Florian
-- 
Florian Weimer / Red Hat Product Security
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]