
Re: glibc bug - time to patch



Lisi Reisz:
> On Wednesday 28 January 2015 13:25:20 iain@thargoid.co.uk wrote:
>>> 
>>> https://www.debian.org/security/2015/dsa-3142
>>> http://seclists.org/oss-sec/2015/q1/283
>>> 
>>> especially the second link mentions network-facing software which is not
>>> vulnerable due to proper sanitization out of glibc.
>> 
>> Indeed, however you will notice that the list on the second link does
>> not contain exim, the default SMTP server software for Debian. This was
>> used for proof-of-concept code.
>> 
>> http://seclists.org/oss-sec/2015/q1/274
> 
> So Wheezy users who use Exim are at risk?

Yes.

> But it surely then follows that Wheezy users who do not use Exim, or
> even have it installed, are not at risk?

No. The bug is in the most basic C library. I would assume that all
systems with a vulnerable libc are at risk and update as soon as
possible.

J.
-- 
If all my friends had Playstations I would buy a Nintendo to prove my
individuality.
[Agree]   [Disagree]
                 <http://www.slowlydownward.com/NODATA/data_enter2.html>
