Re: CVE-2015-0235: glibc / heap overflow in gethostbyname()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 01/27/2015 05:42 PM, Ido Rosen wrote:
> Hi Allan & others,
>   This is a pretty big remote vulnerability, with a big attack
> surface.  I'm not sure if this is the right list to be sending it to,
> but I'd suggest patching glibc right away.  I think RedHat's already
> released an RHEL5 backported patch, and upstream has already patched
> it (as of yesterday).  See the links below.
> 
> Ido

Hey,

This vulnerability does not affect arch (anymore), as we are already
shipping glibc version 2.20-6 [0] where the upstream patch [1] is
already included.
You may want to write security related topics and discussions to the
arch-security [2] ML rather then arch-general.
There is already a topic [3] posted by Remi which contains clarification
about CVE-2015-0235.

cheers and thank you for your awareness,
Levente

[0] https://www.archlinux.org/packages/?name=glibc
[1]
https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd
[2] https://lists.archlinux.org/listinfo/arch-security
[3]
https://lists.archlinux.org/pipermail/arch-security/2015-January/000221.html

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux