On Jun 22, 2017, at 00:07 , WILLIAM J LUTTER wrote:

> Recently there has been the "stack-clash" exploit that impacts several OS 
> including linux
> (CVE-2017-1000364).   Unfortunately, I maintain several old SL5 PCs.   For 
> instance, one of them is 5.7 with a 2.6.18-419 kernel.

Which until a couple of weeks ago was ok (if you subscribe to TUV's point of 
view regarding urgency/criticality of fixes), thanks to SL allowing "sitting on 
a release".

> I suppose that kernels for SL/Centos/Redhat kernels that would be compatible 
> with say SL5.7 are not maintained, so when exploits get too bad, then time to 
> install SL7?

Well, if 10 years of SL5 life weren't sufficient, you can purchase a RHEL 
subscription plus ELS add-on for each of your legacy systems, which would buy 
you three more years.

AFAIK Oracle claims to support its products (including their RHEL clone) 
"forever" if you just have the money.

> Are there kernels that are kept up to date that could be installed for older 
> SL5 via rpmfind or some such repo/download site?

It should still be possible to run SL5 with a mainline kernel. ELRepo used to 
maintain such kernels, readily packaged for EL, but I'm not sure whether they 
still do for EL5. Probably not.

Note that the kernel change is only part of the solution for the "stack clash" 
issue. It won't help much without the corresponding glibc changes.

"Containers" may come to the rescue. If your users still requiring an EL5 
environment would get along with an EL5 Singularity container, that would work 
around the issue.

Stephan Wiesand
Platanenenallee 6
15738 Zeuthen, Germany

Reply via email to