Re: glibc bug - time to patch

To: debian-user@lists.debian.org
Subject: Re: glibc bug - time to patch
From: Lisi Reisz <lisi.reisz@gmail.com>
Date: Wed, 28 Jan 2015 14:29:42 +0000
Message-id: <[🔎] 201501281429.42835.lisi.reisz@gmail.com>
In-reply-to: <[🔎] 201501281427.18269.lisi.reisz@gmail.com>
References: <[🔎] 28f1fa682337d21078d8c83d9c9e03a4@thargoid.co.uk> <[🔎] d30f1297df8658316e790339af6252d5@thargoid.co.uk> <[🔎] 201501281427.18269.lisi.reisz@gmail.com>

On Wednesday 28 January 2015 14:27:18 Lisi Reisz wrote:
> On Wednesday 28 January 2015 13:25:20 iain@thargoid.co.uk wrote:
> > On 2015-01-28 12:27, Peter Viskup wrote:
> > > before considering downtimes and patching activities on production
> > > servers
> > > read these:
> > >


> > > http://seclists.org/oss-sec/2015/q1/283
> > >
> > > especially the second link mention network-facing software which is not
> > > vulnerable due to proper sanitization out of glibc.
> >
> > Indeed, however you will notice that the list on the second link does
> > not contain exim, the default SMTP server software for debian. This was
> > used for proof-of-concept code.
> >
> > http://seclists.org/oss-sec/2015/q1/274
>
> So Wheezy users who use Exim are at risk? But it surely then follows that
> Wheezy users who do not use Exim, or even have it installed, are not at
> risk?

> > > https://www.debian.org/security/2015/dsa-3142

But I see anyway that it has been patched for Wheezy.  So all is OK.

Lisi

Reply to:

Follow-Ups:
- Re: glibc bug - time to patch
  - From: Gene Heskett <gheskett@wdtv.com>

References:
- glibc bug - time to patch
  - From: iain@thargoid.co.uk
- Re: glibc bug - time to patch
  - From: iain@thargoid.co.uk
- Re: glibc bug - time to patch
  - From: Lisi Reisz <lisi.reisz@gmail.com>

Prev by Date: Re: glibc bug - time to patch
Next by Date: mouse
Previous by thread: Re: glibc bug - time to patch
Next by thread: Re: glibc bug - time to patch
Index(es):
- Date
- Thread