Re: glibc bug - time to patch

To: debian-user@lists.debian.org
Subject: Re: glibc bug - time to patch
From: Lisi Reisz <lisi.reisz@gmail.com>
Date: Wed, 28 Jan 2015 14:27:18 +0000
Message-id: <[🔎] 201501281427.18269.lisi.reisz@gmail.com>
In-reply-to: <[🔎] d30f1297df8658316e790339af6252d5@thargoid.co.uk>
References: <[🔎] 28f1fa682337d21078d8c83d9c9e03a4@thargoid.co.uk> <[🔎] CAPa6PsFVYpH1qc72ntcr-tF-MeZdeo1gDkKpYB21nU4kFhC31A@mail.gmail.com> <[🔎] d30f1297df8658316e790339af6252d5@thargoid.co.uk>

On Wednesday 28 January 2015 13:25:20 iain@thargoid.co.uk wrote:
> On 2015-01-28 12:27, Peter Viskup wrote:
> > before considering downtimes and patching activities on production
> > servers
> > read these:
> >
> > https://www.debian.org/security/2015/dsa-3142
> > http://seclists.org/oss-sec/2015/q1/283
> >
> > especially the second link mention network-facing software which is not
> > vulnerable due to proper sanitization out of glibc.
>
> Indeed, however you will notice that the list on the second link does
> not contain exim, the default SMTP server software for debian. This was
> used for proof-of-concept code.
>
> http://seclists.org/oss-sec/2015/q1/274

So Wheezy users who use Exim are at risk? But it surely then follows that 
Wheezy users who do not use Exim, or even have it installed, are not at risk?

Lisi

Reply to:

Follow-Ups:
- Re: glibc bug - time to patch
  - From: Lisi Reisz <lisi.reisz@gmail.com>
- Re: glibc bug - time to patch
  - From: Jochen Spieker <ml@well-adjusted.de>

References:
- glibc bug - time to patch
  - From: iain@thargoid.co.uk
- Re: glibc bug - time to patch
  - From: Peter Viskup <skupko.sk@gmail.com>
- Re: glibc bug - time to patch
  - From: iain@thargoid.co.uk

Prev by Date: Re: glibc bug - time to patch
Next by Date: Re: glibc bug - time to patch
Previous by thread: Re: glibc bug - time to patch
Next by thread: Re: glibc bug - time to patch
Index(es):
- Date
- Thread