Re: glibc bug - time to patch

To: Peter Viskup <skupko.sk@gmail.com>
Cc: debian-user@lists.debian.org
Subject: Re: glibc bug - time to patch
From: iain@thargoid.co.uk
Date: Wed, 28 Jan 2015 13:25:20 +0000
Message-id: <[🔎] d30f1297df8658316e790339af6252d5@thargoid.co.uk>
In-reply-to: <[🔎] CAPa6PsFVYpH1qc72ntcr-tF-MeZdeo1gDkKpYB21nU4kFhC31A@mail.gmail.com>
References: <[🔎] 28f1fa682337d21078d8c83d9c9e03a4@thargoid.co.uk> <[🔎] CAPa6PsFVYpH1qc72ntcr-tF-MeZdeo1gDkKpYB21nU4kFhC31A@mail.gmail.com>

On 2015-01-28 12:27, Peter Viskup wrote:

before considering downtimes and patching activities on productionservers

read these:

https://www.debian.org/security/2015/dsa-3142
http://seclists.org/oss-sec/2015/q1/283

especially the second link mention network-facing software which is not
vulnerable due to proper sanitization out of glibc.

Indeed, however you will notice that the list on the second link doesnot contain exim, the default SMTP server software for debian. This wasused for proof-of-concept code.


http://seclists.org/oss-sec/2015/q1/274

Cheers

Iain

Reply to:

Follow-Ups:
- Re: glibc bug - time to patch
  - From: Lisi Reisz <lisi.reisz@gmail.com>

References:
- glibc bug - time to patch
  - From: iain@thargoid.co.uk
- Re: glibc bug - time to patch
  - From: Peter Viskup <skupko.sk@gmail.com>

Prev by Date: Re: glibc bug - time to patch
Next by Date: Re: glibc bug - time to patch
Previous by thread: Re: glibc bug - time to patch
Next by thread: Re: glibc bug - time to patch
Index(es):
- Date
- Thread