End of Red Hat Enterprise Linux 5 Support - March 2017

Number: IN16-002
Date: 27 April 2016

Purpose

The purpose of this Information Note is to draw attention to the end of support for Red Hat Enterprise Linux 5 effective March 31, 2017. After this day, active support included in the Premium or Standard subscription will cease; however, critical fixes will still be available on a paid subscription basis.

Assessment

As of March 31, 2017, support for Red Hat Enterprise Linux 5 (RHEL 5) will be retired and active support included for the Standard and Premium subscriptions will end. Customers will continue to have access to previously released content and limited technical support available through Red Hat Global Support Service. For the very last release of RHEL, version 5.11 only, security fixes that are in the category of "Critical Impact" and select urgent priority bug fixes will be available through Extended Life-Cycle Support (ELS) Add-on subscription, which will still be available until November 30, 2020. Due to the impending limited number of updates available for Red Hat Enterprise Linux 5 there is an increased risk of vulnerability exploitation following the cutoff date of March 30, 2017.

Suggested action

Based on the increased risk of vulnerability exploitation, CCIRC is recommending that all users of Red Hat Enterprise Linux migrate to the newest version prior to March 31,2017, where permitted. Internet exposed systems should be prioritized, followed by those with a less vulnerable presence. In special situations where owners/operators are unable to migrate from RHEL 5, CCIRC recommends exploring the idea of Extended Life Support Add-On pay-for service in order to continue to receive critical security updates.

References

Red Hat Enterprise Linux Life Cycle
https://access.redhat.com/support/policy/updates/errata

Red Hat Enterprise Linux 5
https://access.redhat.com/articles/3078#RHEL5

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: