CVE-2015-7547 glibc fix

ewm76903
Posts: 1
Joined: 2016/02/16 20:49:27

CVE-2015-7547 glibc fix

Post by ewm76903 » 2016/02/16 20:51:59

Has anyone verified if the repos have a fix for the bug in glibc that is referenced in CVE-2015-7547?

If so, can you tell me the version that glibc should be at to verify if the system has been fixed?

Thanks

TrevorH
Site Admin
Posts: 33216
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2015-7547 glibc fix

Post by TrevorH » 2016/02/16 21:15:47

Updates for the recent glibc CVE-2015-7547 are being built and will be pushed to the mirror network as soon as they are available. Please subscribe to the centos-announce mailing list to keep abreast of all updates. See http://wiki.centos.org/GettingHelp/ListInfo for more information.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: CVE-2015-7547 glibc fix

Post by avij » 2016/02/16 21:46:15

For CentOS 6, the fixed glibc will be glibc-2.12-1.166.el6_7.7.

[edit: edited]

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: CVE-2015-7547 glibc fix

Post by avij » 2016/02/17 05:13:51

OK, it's out now. I saw "Updated: glibc-2.12-1.166.el6_7.7.x86_64" in my yum.log this morning.

infosatheesh2020
Posts: 2
Joined: 2016/02/17 10:30:54

Re: CVE-2015-7547 glibc fix

Post by infosatheesh2020 » 2016/02/17 10:35:16

I see the new patch as 2.12-1.166.el6_7.3.

Is this the correct patch? I ask because I see el6_7.3 instead of el6_7.7.

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: CVE-2015-7547 glibc fix

Post by avij » 2016/02/17 10:41:30

No, el6_7.3 was the previous version, released in September 2015. You will need el6_7.7 to fix CVE-2015-7547.

infosatheesh2020
Posts: 2
Joined: 2016/02/17 10:30:54

Re: CVE-2015-7547 glibc fix

Post by infosatheesh2020 » 2016/02/17 12:02:36

Can you help me find the correct package from the repo? I am not able to find the exact one in updates for http://vault.centos.org

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: CVE-2015-7547 glibc fix

Post by avij » 2016/02/17 12:22:26

The vault only contains packages from older releases of CentOS. You should be able to get the new glibc by simply running yum update. If you for some reason need to fetch the packages manually, http://mirror.centos.org/centos/6/updat ... /Packages/ has the files.
http://vault.centos.org/readme.txt wrote:

This is _NOT_ an updated tree for installing CentOS Linux. It is a snapshot of the older trees that have been removed from the main CentOS servers as new point releases are released.

This is provided for reference and to provide access to older archived versions, and we do not put security updates into the trees on this server.

Please see this link for active versions of CentOS Linux: https://wiki.centos.org/Download

Unless you have a reason to use old, outdated and insecure software, you should instead be using http://mirror.centos.org/ or a mirror from https://www.centos.org/download/mirrors/

The Following External Vault mirrors (not monitored by the CentOS Infra team !) also provide direct downloads for all content, including isos and rsync access:

...

TrevorH
Site Admin
Posts: 33216
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2015-7547 glibc fix

Post by TrevorH » 2016/02/17 16:41:20

Just run yum update to get the fix. If it's not listed then try yum clean all and then repeat the update.

gromitmpl
Posts: 1
Joined: 2016/02/17 23:20:54

Re: CVE-2015-7547 glibc fix

Post by gromitmpl » 2016/02/17 23:52:34

I am not getting this update.

I am running 6.5 and have my repository set to this:
[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirror.centos.org/centos/6/os/$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

I run yum update glibc but am not getting the update.

[root@xxxx]# rpm -q glibc
glibc-2.12-1.166.el6.x86_64
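
Added example (not part of any post in this thread, and not CentOS or rpm project code): a check of an installed CentOS 6 glibc build against the fixed build named above, using a simplified version of rpm's segment-by-segment comparison. The function names are hypothetical, epochs and tilde/caret markers are left out because these package names do not use them, and the check only applies to CentOS 6 builds.

```python
import re

FIXED_EL6 = "2.12-1.166.el6_7.7"  # fixed CentOS 6 build named in the thread

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as rpm does.
    Returns -1, 0 or 1. Simplified: no tilde/caret handling."""
    # Split into runs of digits or letters; separators (. _ -) only delimit.
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_vr(pkg):
    """'glibc-2.12-1.166.el6_7.7.x86_64' or '2.12-1.166.el6_7.7' -> (version, release)."""
    pkg = re.sub(r"\.(x86_64|i686|noarch)$", "", pkg)  # drop the architecture suffix
    version, release = pkg.rsplit("-", 2)[-2:]
    return version, release

def is_fixed(installed, fixed=FIXED_EL6):
    """True if the installed build is the fixed build or newer."""
    iv, ir = split_vr(installed)
    fv, fr = split_vr(fixed)
    # Version decides first; release only breaks a tie.
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0

if __name__ == "__main__":
    # Package strings quoted in the posts above.
    for pkg in ("glibc-2.12-1.166.el6.x86_64",
                "2.12-1.166.el6_7.3",
                "glibc-2.12-1.166.el6_7.7.x86_64"):
        print(f"{pkg}: {'fixed' if is_fixed(pkg) else 'NOT fixed'}")
```

On a live system, the string to pass to is_fixed is the output of rpm -q glibc.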
