CVE-2015-5477 patch for centos 6.4

Support for security such as Firewalls and securing linux
Post Reply
guest123
Posts: 2
Joined: 2015/08/03 16:26:47

CVE-2015-5477 patch for centos 6.4

Post by guest123 » 2015/08/03 16:32:02

HI all,

My server is vulnérable to CVE-2015-5477.
do you know when an update will be released to patch this vulnerability for centos 6.4 ?
last updated in repository is 9.8.2-0.30.rc1.el6_6.3.

Best regards

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2015-5477 patch for centos 6.4

Post by TrevorH » 2015/08/03 17:22:35

There are no updates, none, for 6.4 since the release of 6.5. If you're really running 6.4 then that update is the least of your worries, there have been far more serious vulnerabilities than that since 6.5 came out.

The current version is 6.6 and the updates that will become 6.7 are already available in the CR repository http://wiki.centos.org/AdditionalResour ... itories/CR

You are strongly advised to get current by running yum update
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

guest123
Posts: 2
Joined: 2015/08/03 16:26:47

Re: CVE-2015-5477 patch for centos 6.4

Post by guest123 » 2015/08/04 07:46:24

Thanks for your answer.

It's posible to activate CR repositry on my Centos 6.4 just for install package bind-9.8.2-0.37.rc1 ?
My server is in PROD, the updates should be checked before installation.

drk
Posts: 405
Joined: 2014/01/30 20:38:28

Re: CVE-2015-5477 patch for centos 6.4

Post by drk » 2015/08/04 16:55:38

guest123 wrote:It's posible to activate CR repositry on my Centos 6.4 just for install package bind-9.8.2-0.37.rc1 ?
Not much point in that since there are so many other vulnerabilities with 6.4... When 6.7 comes out you should do your testing and implement it into production.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2015-5477 patch for centos 6.4

Post by TrevorH » 2015/08/04 23:31:44

Read the Redhat errata pages for the list of updates you are missing since 6.4 (Feb 2013)

https://rhn.redhat.com/errata/rhel-server-6-errata.html
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply