Re: glibc bug - time to patch



On Wednesday 28 January 2015 14:31:23 Jochen Spieker wrote:
> Lisi Reisz:
> > On Wednesday 28 January 2015 13:25:20 iain@thargoid.co.uk wrote:
> >>> https://www.debian.org/security/2015/dsa-3142
> >>> http://seclists.org/oss-sec/2015/q1/283
> >>>
> >>> especially the second link mentions network-facing software which is not
> >>> vulnerable due to proper sanitization out of glibc.
> >>
> >> Indeed, however you will notice that the list on the second link does
> >> not contain exim, the default SMTP server software for Debian. This was
> >> used for proof-of-concept code.
> >>
> >> http://seclists.org/oss-sec/2015/q1/274
> >
> > So Wheezy users who use Exim are at risk?
>
> Yes.
>
> > But it surely then follows that Wheezy users who do not use Exim, or
> > even have it installed, are not at risk?
>
> No. The bug is in the most basic C library. I would assume that all
> systems with a vulnerable libc are at risk and update as soon as
> possible.

Thanks, yes.  At first reading I thought it said that there was no update 
available for Squeeze and Wheezy, only for Jessie and Sid.  I posted again 
when I realised my mistake. 

Lisi

