Re: glibc bug - time to patch
On Wednesday 28 January 2015 09:29:42 Lisi Reisz did opine
And Gene did reply:
> On Wednesday 28 January 2015 14:27:18 Lisi Reisz wrote:
> > On Wednesday 28 January 2015 13:25:20 iain@thargoid.co.uk wrote:
> > > On 2015-01-28 12:27, Peter Viskup wrote:
> > > > before considering downtimes and patching activities on
> > > > production servers
> > > > read these:
> > > >
> > > >
> > > >
> > > > http://seclists.org/oss-sec/2015/q1/283
> > > >
> > > > especially the second link mention network-facing software which
> > > > is not vulnerable due to proper sanitization out of glibc.
> > >
> > > Indeed, however you will notice that the list on the second link
> > > does not contain exim, the default SMTP server software for
> > > debian. This was used for proof-of-concept code.
> > >
> > > http://seclists.org/oss-sec/2015/q1/274
> >
> > So Wheezy users who use Exim are at risk? But it surely then follows
> > that Wheezy users who do not use Exim, or even have it installed,
> > are not at risk?
> >
> > > > https://www.debian.org/security/2015/dsa-3142
>
> But I see anyway that it has been patched for Wheezy. So all is OK.
>
> Lisi
Also Lucid, I installed it all about 2 hours ago. But haven't rebooted &
probably should. And I pointed out the speed with which it was patched to
a died in the wool winderz using friend of mine. Never miss a chance I
say. ;-)
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS
Reply to: