
CVE-2015-7547 glibc fix

Posted: 2016/02/16 20:51:59
by ewm76903
Has anyone verified if the repos have a fix for the bug in glibc that is referenced in CVE-2015-7547?

If so, can you tell me the version that glibc should be at to verify if the system has been fixed?

Thanks

Re: CVE-2015-7547 glibc fix

Posted: 2016/02/16 21:15:47
by TrevorH
Updates for the recent glibc CVE-2015-7547 are being built and will be pushed to the mirror network as soon as they are available. Please subscribe to the centos-announce mailing list to keep abreast of all updates. See http://wiki.centos.org/GettingHelp/ListInfo for more information.

Re: CVE-2015-7547 glibc fix

Posted: 2016/02/16 21:46:15
by avij
For CentOS 6, the fixed glibc will be glibc-2.12-1.166.el6_7.7.

[edit: edited]

Re: CVE-2015-7547 glibc fix

Posted: 2016/02/17 05:13:51
by avij
OK, it's out now. I saw "Updated: glibc-2.12-1.166.el6_7.7.x86_64" in my yum.log this morning.

Re: CVE-2015-7547 glibc fix

Posted: 2016/02/17 10:35:16
by infosatheesh2020
I see the new patch as 2.12-1.166.el6_7.3.

Is this the correct patch, because I see el6_7.3 instead of el6_7.7?

Re: CVE-2015-7547 glibc fix

Posted: 2016/02/17 10:41:30
by avij
No, el6_7.3 was the previous version, released in September 2015. You will need el6_7.7 to fix CVE-2015-7547.
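
An added example, not part of any post in this thread: a simplified version of rpm's version-comparison rule applied to the CentOS 6 builds quoted here, to show why el6_7.3 and plain el6 both sort older than the fixed el6_7.7. The function names are hypothetical, and the comparison assumes no epoch and no `~` or `^` in the strings.

```python
import re

FIXED_EL6 = "2.12-1.166.el6_7.7"  # fixed CentOS 6 build named in the thread

def _segments(s):
    # rpm compares runs of digits and runs of letters; separators are ignored
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1. No '~' or '^' handling."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # a numeric segment always sorts newer than an alphabetic one
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_fixed(installed_vr, fixed_vr=FIXED_EL6):
    return compare_vr(installed_vr, fixed_vr) >= 0

def vr_from_rpm_q(line, name="glibc"):
    """Strip the package name and arch from `rpm -q` output (name-V-R.arch)."""
    nvr, _arch = line.strip().rsplit(".", 1)
    return nvr[len(name) + 1:]

if __name__ == "__main__":
    # Constructed input: the three builds quoted in the thread.
    for line in ("glibc-2.12-1.166.el6.x86_64",
                 "glibc-2.12-1.166.el6_7.3.x86_64",
                 "glibc-2.12-1.166.el6_7.7.x86_64"):
        vr = vr_from_rpm_q(line)
        print(vr, "fixed" if is_fixed(vr) else "needs update")
```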

Re: CVE-2015-7547 glibc fix

Posted: 2016/02/17 12:02:36
by infosatheesh2020
Can you help me find the correct package from the repo? I am not able to find the exact one in updates for http://vault.centos.org

Re: CVE-2015-7547 glibc fix

Posted: 2016/02/17 12:22:26
by avij
The vault only contains packages from older releases of CentOS. You should be able to get the new glibc by simply running yum update. If you for some reason need to fetch the packages manually, http://mirror.centos.org/centos/6/updat ... /Packages/ has the files.
http://vault.centos.org/readme.txt wrote:
This is _NOT_ an updated tree for installing CentOS Linux. It is a snapshot of the older trees that have been removed from the main CentOS servers as new point releases are released.

This is provided for reference and to provide access to older archived versions, and we do not put security updates into the trees on this server.

Please see this link for active versions of CentOS Linux: https://wiki.centos.org/Download

Unless you have a reason to use old, outdated and insecure software, you should instead be using http://mirror.centos.org/ or a mirror from https://www.centos.org/download/mirrors/

The Following External Vault mirrors (not monitored by the CentOS Infra team !) also provide direct downloads for all content, including isos and rsync access:

...

Re: CVE-2015-7547 glibc fix

Posted: 2016/02/17 16:41:20
by TrevorH
Just run yum update to get the fix. If it's not listed then try yum clean all and then repeat the update.

Re: CVE-2015-7547 glibc fix

Posted: 2016/02/17 23:52:34
by gromitmpl
I am not getting this update.

I am running 6.5 and have my repository set to this:
[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirror.centos.org/centos/6/os/$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

I run yum update glibc but am not getting the update.

[root@xxxx]# rpm -q glibc
glibc-2.12-1.166.el6.x86_64