Closed
Description
yum command option of RHEL5 is not the same as RHEL6, 7
https://access.redhat.com/solutions/10021
[root@ip-172-31-15-139 ~]# yum list-sec
Loaded plugins: amazon-id, fastestmirror, rhui-lb, security
Loading mirror speeds from cached hostfile
* rhui-REGION-client-config-server-5: rhui2-cds01.ap-northeast-1.aws.ce.redhat.com
* rhui-REGION-rhel-server: rhui2-cds01.ap-northeast-1.aws.ce.redhat.com
Excluding Packages from Red Hat Enterprise Linux Server 5 (RPMs)
Finished
rhui-REGION-rhel-server/updateinfo | 2.8 MB 00:00
RHBA-2014:1368 bugfix at-3.1.8-84.el5_11.1.x86_64
RHSA-2014:1984 security bind-libs-30:9.3.6-25.P1.el5_11.2.x86_64
RHSA-2015:1514 security bind-libs-30:9.3.6-25.P1.el5_11.3.x86_64
RHEA-2016:2832 enhancement tzdata-2016j-1.el5.x86_64
RHBA-2015:1652 bugfix udev-095-14.33.el5_11.x86_64
list-sec done
[root@ip-172-31-15-139 ~]# yum list-security --security
Loaded plugins: amazon-id, fastestmirror, rhui-lb, security
Loading mirror speeds from cached hostfile
* rhui-REGION-client-config-server-5: rhui2-cds01.ap-northeast-1.aws.ce.redhat.com
* rhui-REGION-rhel-server: rhui2-cds01.ap-northeast-1.aws.ce.redhat.com
Excluding Packages from Red Hat Enterprise Linux Server 5 (RPMs)
Finished
RHSA-2014:1984 security bind-libs-30:9.3.6-25.P1.el5_11.2.x86_64
RHSA-2016:2141 security bind-utils-30:9.3.6-25.P1.el5_11.11.x86_64
RHSA-2015:0090 security glibc-2.5-123.el5_11.1.x86_64
RHSA-2015:1627 security glibc-2.5-123.el5_11.3.x86_64
RHSA-2015:0090 security glibc-common-2.5-123.el5_11.1.x86_64
RHSA-2015:1627 security glibc-common-2.5-123.el5_11.3.x86_64
RHSA-2015:0090 security glibc-devel-2.5-123.el5_11.1.x86_64
RHSA-2015:1627 security glibc-devel-2.5-123.el5_11.3.x86_64
RHSA-2015:0090 security glibc-headers-2.5-123.el5_11.1.x86_64
RHSA-2015:1627 security glibc-headers-2.5-123.el5_11.3.x86_64
list-security done
[root@ip-172-31-15-139 ~]# yum info-sec
Loaded plugins: amazon-id, fastestmirror, rhui-lb, security
Loading mirror speeds from cached hostfile
* rhui-REGION-client-config-server-5: rhui2-cds01.ap-northeast-1.aws.ce.redhat.com
* rhui-REGION-rhel-server: rhui2-cds01.ap-northeast-1.aws.ce.redhat.com
Excluding Packages from Red Hat Enterprise Linux Server 5 (RPMs)
Finished
===============================================================================
at bug fix update
===============================================================================
Update ID : RHBA-2014:1368
Release :
Type : bugfix
Status : final
Issued : 2014-10-08 00:00:00
Bugs : 1148844 - Regression from bash function mangling patch breaks "at" jobs
Summary : Updated at packages that fix one bug are now available for Red
: Hat Enterprise Linux 5.
Description : The "at" packages provide the "at" and "batch" commands, which
: are used to read commands from standard input or
: from a specified file. The "at" command allows you
: to specify that a command will be run at a
: particular time. The "batch" command will execute
: commands when the system load levels drop to a
: particular level. Both commands use /bin/sh.
:
: This update fixes the following bug:
:
: * Due to a security issue fix in Bash, "at" jobs
: failed to run because the "atd" daemon exported
: environment variables with an incorrect syntax
: to the Bash shell running the jobs. With this
: update, "atd" filters out environment variables
: that cannot be parsed by the Bash shell, thus
: allowing the "at" jobs to run properly.
: (BZ#1148844)
:
: Users of at are advised to upgrade to these
: updated packages, which fix this bug.
Solution : Before applying this update, make sure all previously released
: errata relevant to your system have been applied.
:
: This update is available via the Red Hat Network.
: Details on how to use the Red Hat Network to apply
: this update are available at
: https://access.redhat.com/articles/11258
Rights : Copyright 2014 Red Hat Inc
===============================================================================
Important: bind security update
===============================================================================
Update ID : RHSA-2014:1984
Release :
Type : security
Status : final
Issued : 2014-12-12 00:00:00
Bugs : 1171912 - CVE-2014-8500 bind: delegation handling denial of service
CVEs : CVE-2014-8500
Summary : Updated bind packages that fix one security issue are now
: available for Red Hat Enterprise Linux 5, 6, and
: 7.
:
: Red Hat Product Security has rated this update as
: having Important security impact. A Common
: Vulnerability Scoring System (CVSS) base score,
: which gives a detailed severity rating, is
: available from the CVE link in the References
: section.
Description : The Berkeley Internet Name Domain (BIND) is an implementation of
: the Domain Name System (DNS) protocols. BIND
: includes a DNS server (named); a resolver library
: (routines for applications to use when interfacing
: with DNS); and tools for verifying that the DNS
: server is operating correctly.
:
: A denial of service flaw was found in the way BIND
: followed DNS delegations. A remote attacker could
: use a specially crafted zone containing a large
: number of referrals which, when looked up and
: processed, would cause named to use excessive
: amounts of memory or crash. (CVE-2014-8500)
:
: All bind users are advised to upgrade to these
: updated packages, which contain a backported patch
: to correct this issue. After installing the
: update, the BIND daemon (named) will be restarted
: automatically.
Solution : Before applying this update, make sure all previously released
: errata relevant to your system have been applied.
:
: This update is available via the Red Hat Network.
: Details on how to use the Red Hat Network to apply
: this update are available at
: https://access.redhat.com/articles/11258
Rights : Copyright 2014 Red Hat Inc
Severity : Important
info-sec done