On Mon, Apr 27, 2015 at 02:39:30PM +0530, Venkateswara Rao Dokku wrote:
> Thanks for the replies. The tool that we used for testing the security
> vulnerability is "Nessus".
>
> I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is fixed
> in this version and I want to apply patch for the vulnerbailities
> CVE-2015-1472 & CVE-2015-1473. Can you please help me in finding the right
> version that has fixes for these?
You have the latest glibc package available.
Checking upstream, Red Hat has their CVE information here:
https://access.redhat.com/security/cve/CVE-2015-1472
https://access.redhat.com/security/cve/CVE-2015-1473
If you look at the CVE page for the Ghost vulnerability
(https://access.redhat.com/security/cve/CVE-2015-0235) it links to any
security advisories which would include an update. Both 1472 and 1473
are marked as 'Low' impact so I suspect there won't be any updated
package to address it until later.
I would STRONGLY suggest against attempting to build your own glibc.
--
Jonathan Billings <billings@xxxxxxxxxx>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
