Security – No success when trying to upgrade glibc on RHEL4 due to GHOST


Due to the recent GHOST vulnerability I was trying to upgrade the glibc version on our RHEL4.

The command I tried using was:
rpm -Uvh glibc-2.3.4-2.57.x86_64.rpm

Result was:

[root@rhel4-test ~]# rpm -Uvh glibc-2.3.4-2.57.i686.rpm
warning: glibc-2.3.4-2.57.i686.rpm: V3 DSA signature: NOKEY, key ID db42a60e
Preparing... ########################################### [100%]
package glibc-2.3.4-2.57 is already installed

The changelog on the Red Hat support site seems pretty old although the version matches.

Has anyone managed to upgrade RHEL4 against the GHOST (CVE-2015-0235) vulnerability?

Best Answer

RHEL 4 is in what Red Hat calls Extended Life Phase.

...For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No security fixes, bug fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.

You can buy an Extended Life Cycle Support (ELS) subscription add-on for extended support.

Available during the Extended Life Phase of the product life cycle for Red Hat Enterprise Linux 4 and 5, the Extended Life Cycle Support Add-On delivers critical-impact security fixes and selected urgent-priority bug fixes that are available and qualified for the latest versions of a published subset of packages in a specific major release of Red Hat Enterprise Linux after the end of the Production 3 Phase.

If you have an ELS subscription, there is an update available as RHSA-2015:0101-1.

Your RHEL 4 system needs to be subscribed to the correct channels in the RHN portal or with your Satellite server, and then you run up2date -u glibc.
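
Added example, not part of the original question or answer: Red Hat backports fixes without changing the upstream version number, so after running the update a practical check is whether each installed glibc instance (both i686 and x86_64 on a multilib host, as in the question) lists CVE-2015-0235 in its package changelog. The function names, the @@PKG@@ marker and the sample records are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Names below are assumptions.
CVE="CVE-2015-0235"

# rpm query format: a marker line per installed package instance,
# followed by every changelog entry of that instance.
QF='@@PKG@@ %{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n[%{CHANGELOGTEXT}\n]'

# Reads records in the QF layout on stdin and prints "<package> FIXED" or
# "<package> MISSING". Returns 0 if every package mentions the CVE,
# 1 if at least one does not, 2 if no package record was seen.
audit_changelogs() {
    awk -v cve="$CVE" '
        function emit() {
            if (pkg == "") return
            print pkg, (found ? "FIXED" : "MISSING")
            if (!found) bad = 1
            n++
        }
        /^@@PKG@@ / { emit(); pkg = $2; found = 0; next }
        index($0, cve) { found = 1 }
        END { emit(); if (n == 0) exit 2; exit (bad ? 1 : 0) }
    '
}

# Audits every installed glibc instance (i686 and x86_64 on multilib hosts).
audit_installed_glibc() {
    rpm -q --qf "$QF" glibc | audit_changelogs
}

# Constructed sample: two instances, only the first carries the fix entry.
sample_records() {
    cat <<'EOF'
@@PKG@@ glibc-0.0.0-constructed1.i686
- constructed entry: fix for CVE-2015-0235
- constructed older entry
@@PKG@@ glibc-0.0.0-constructed1.x86_64
- constructed older entry
EOF
}

if [ "${1:-}" = "--installed" ]; then
    audit_installed_glibc
else
    sample_records | audit_changelogs || true
fi
```

Run it with --installed on the host itself; without arguments it only processes the constructed sample.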