On Jun 22, 2017, at 00:07 , WILLIAM J LUTTER wrote:

> Recently there has been the "stack-clash" exploit that impacts several OS including linux
> 
> (CVE-2017-1000364).   Unfortunately, I maintain several old SL5 PCs.   For instance, one of them is 5.7 with a 2.6.18-419 kernel.

Which until a couple of weeks ago was ok (if you subscribe to TUV's point of view regarding urgency/criticality of fixes), thanks to SL allowing "sitting on a release".

> I suppose that kernels for SL/Centos/Redhat kernels that would be compatible with say SL5.7 are not maintained, so when exploits get too bad, then time to install SL7?

Well, if 10 years of SL5 life weren't sufficient, you can purchase a RHEL subscription plus ELS add-on for each of your legacy systems, which would buy you three more years.

AFAIK Oracle claims to support its products (including their RHEL clone) "forever" if you just have the money.

> Are there kernels that are kept up to date that could be installed for older SL5 via rpmfind or some such repo/download site?

It should still be possible to run SL5 with a mainline kernel. ELRepo used to maintain such kernels, readily packaged for EL, but I'm not sure whether they still do for EL5. Probably not.

Note that the kernel change is only part of the solution for the "stack clash" issue. It won't help much without the corresponding glibc changes.

"Containers" may come to the rescue. If your users still requiring an EL5 environment would get along with an EL5 Singularity container, that would work around the issue.

-- 
Stephan Wiesand
DESY -DV-
Platanenenallee 6
15738 Zeuthen, Germany