Is openssl a vector of exploit for Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Jan 30, 2015 at 09:46:46PM +0000, Salz, Rich wrote:

> > So it look like only direct use of BIO_gethostbyname can cause issues and
> > openssl does not rely on obsolete gethostbyname if it can use alternate
> > getaddrinfo.
> > 
> > I would be happy to receive any comment on that.
> 
> Okay:  I agree with your review...

The fix is to deploy an updated glibc.  Fixing everything linked
to glibc is not particularly practical.

-- 
	Viktor.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux