This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.
Re: glibc 2.5 - patch for GHOST (CVE-2015-0235)
- From: Florian Weimer <fweimer at redhat dot com>
- To: "Swati Kher -X (swkher - TALENT SPACE INC at Cisco)" <swkher at cisco dot com>, "libc-help at sourceware dot org" <libc-help at sourceware dot org>
- Date: Tue, 07 Apr 2015 18:11:55 +0200
- Subject: Re: glibc 2.5 - patch for GHOST (CVE-2015-0235)
On 04/07/2015 05:58 PM, Swati Kher -X (swkher - TALENT SPACE INC at Cisco) wrote:
> Sorry - I meant backport for glibc-2.21 for RH7 not 2.5 for RH7 - but similar patch and backport

Hi Swati,

On <https://access.redhat.com/security/cve/CVE-2015-0235>, you can see
that this bug was addressed for Red Hat Enterprise Linux 7 via
<https://rhn.redhat.com/errata/RHSA-2015-0092.html>

Red Hat Enterprise Linux 7 source RPMs are only available to customers
with a valid subscription. On such a system, you can execute

    yumdownloader --source glibc-2.17-55.el7_0.5

after enabling the source RPM repositories. Fixed RPM binary packages
are available through the regular system upgrade mechanism.

Alternatively, the change has also been exported to git.centos.org and
is available here:

<https://git.centos.org/commit/rpms!glibc/7190b6dc10b8b8f54a605fe8288caef526e2effc>

Note that this is a backport to 2.17, not a fix for glibc 2.21. glibc
2.21 is not currently part of any supported Red Hat product. The
upcoming community release of Fedora 22 will come with glibc 2.21, though.

If your interest in glibc backports is the result of requests from your
security team, I am willing to talk to them directly and explain to them
our (Red Hat's) backport policy and security release process.

Florian
--
Florian Weimer / Red Hat Product Security