Re: [SECURITY] [DSA 3481-1] glibc security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 3481-1] glibc security update
From: Thomas Hager <duke@sigsegv.at>
Date: Thu, 18 Feb 2016 10:29:08 +0100
Message-id: <[🔎] 5f5a35e66aa181a3158318f7b815a02a@sigsegv.at>
In-reply-to: <[🔎] 20160217224355.GH30214@urchin.earth.li>
References: <E1aVgSR-0003M5-RI@master.debian.org> <[🔎] 56C340F0.4050603@ludikovsky.name> <[🔎] 20160217105557.GM6633@urchin.earth.li> <[🔎] 1455733909.8441.5.camel@sigsegv.at> <[🔎] 20160217224355.GH30214@urchin.earth.li>

On 2016-02-17 23:43, Dominic Hargreaves wrote:

The answer here implies that just any resolver will not help you,
but that there is an unbound configuration that might:

https://lists.dns-oarc.net/pipermail/dns-operations/2016-February/014349.html

Yeah, I also followed some discussions on PowerDNS [1] and Bind [2]mailing lists/blogs.As it is still not quite clear yet, how this issue is exploitable, thegeneral consensus is

it might be possible that resolvers relay exploit content to clients.

So to be on the safe side, patching and rebooting or at least restartingprominent services

is the way to got.

Cheers,
Tom.

[1]http://blog.powerdns.com/2016/02/17/powerdns-cve-2015-7547-possible-mitigation/

[2] https://lists.isc.org/pipermail/bind-users/2016-February/096297.html

Reply to:

References:
- Re: [SECURITY] [DSA 3481-1] glibc security update
  - From: Peter Ludikovsky <peter@ludikovsky.name>
- Re: [SECURITY] [DSA 3481-1] glibc security update
  - From: Dominic Hargreaves <dom@earth.li>
- Re: [SECURITY] [DSA 3481-1] glibc security update
  - From: Thomas Hager <duke@sigsegv.at>
- Re: [SECURITY] [DSA 3481-1] glibc security update
  - From: Dominic Hargreaves <dom@earth.li>

Prev by Date: Re: [SECURITY] [DSA 3482-1] libreoffice security update
Next by Date: strange behaviour with konqueror
Previous by thread: Re: [SECURITY] [DSA 3481-1] glibc security update
Next by thread: Re: [SECURITY] [DSA 3481-1] glibc security update
Index(es):
- Date
- Thread