![]() Although there was a patch, considered non-critical, on versions glibc - 2.17 and glibc - 2.18, most linux OS are impacted. The first referenced impacted version is glibc - 2.2, whose publication date November 10, 2000. for more information, see the note following CVE CVE-2015-0235 or the note Qualys. An attacker could obtain full control of affected systems. ![]() Would allow code execution locally or remotely on your linux. did ya? How about an el3.i686 version? ) believe it or not, I still have one el3 box.Yesterday a critical security vulnerability has been published by Qualys concerning the GNU Library but I don't suppose you built the i686 version, too. > binaries from it with "rpmbuild -rebuild".ĭurval, thanks for that. > and after checking that my modifications are legit, produce your own > open it up with rpm2cpio and compare it to RH's standard RPM it's based on, so you don't have to trust my packages: you can download the SRPM, > Everything is there, including binaries, the. > RPMs, here are updated packages which (according to the ghost.c test > the backporting for the patch and retroffited it into the oldie RHEL glibc > As my clients still have quite a few EL4 servers in production, I've done > cycle support still ? (it looks vulnerable) > Does a statement about RHEL4 exist yet seeing that it is in extended life (In reply to Durval Menezes from comment #33) I'm willing to accept that this *may* be a faulty build from the SL team - but putting this here as a placeholder in case we start seeing more reports from CentOS etc. ![]() I've mailed Pat & the SL-Devel mailing list, post here: ![]() Reverting to these versions gives a working system: ![]() For Scientific Linux users, currently updating to these packages causes most tools to segfault: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |