Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

RedHat has patches out for RHEL5 only so far

https://rhn.redhat.com/errata/RHSA-2015-0090.html




The Qualys security advisory says that it was fixed independently in 2013, so RHEL6 and 7 might already have the fix.

http://www.openwall.com/lists/oss-security/2015/01/27/9


Yes, it was fixed upstream in glibc, but that doesn't mean the distros actually get the patch into their distribution. In fact, the report states: "Unfortunately, it was not recognized as a security threat; as a result, most stable and long-term-support distributions were left exposed (and still are): Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04, for example."


Correct, if you download the src rpm for the latest version of glibc for RHEL 6.5 and compare it with the fix, you will see it is not patched.


Oh yeah, that was obvious, not sure how I missed it. Thanks.


I spent most of the day tracking down the status of various Linux distros. Blog post forthcoming, but the TL;DR is that you need to patch RedHat.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: