[SECURITY] #776391 - libc6

Unread post by machinebacon » Sun Feb 01, 2015 6:35 am

http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-0235

Fixed in Debian on Jan 27. https://bugs.debian.org/cgi-bin/bugrepo ... bug=776391

So please remember to

Code:

    apt update && apt upgrade

and reboot as soon as possible. To check if you are safe already:

Code:

    apt-cache policy libc-bin
    # or
    ldd --version

the glibc version should yield 2.19-13 or higher.

..gnutella..
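
The version check in the post above covers only the package on disk; a process started before the upgrade keeps the old libc mapped until it is restarted, which is why a reboot is advised. The script below is an added example, not part of the original post: it lists such processes by looking for libc mappings marked "(deleted)" in /proc/PID/maps. The function names, the filename pattern and the optional proc-root argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list processes that still
# run on the libc that was on disk before the upgrade.
# When the package upgrade replaces the library file, running processes
# keep the old, now unlinked file mapped, and the kernel marks that
# mapping with a trailing "(deleted)" in /proc/PID/maps.

# Return 0 if the maps file "$1" contains a deleted libc mapping.
# The pattern matches names such as libc-2.19.so and libc.so.6 but not
# libcrypt-2.19.so or libcap.so.2.
maps_has_stale_libc() {
    grep -Eq '/libc(-[0-9.]+)?\.so[^/ ]* \(deleted\)$' "$1" 2>/dev/null
}

# Print "PID NAME" for every process under the proc root "$1"
# (default /proc) that still maps a deleted libc.
# The root is a parameter only so the check can be tried on sample data.
list_stale_libc_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        # Skip processes we may not read, or that exited during the scan.
        [ -r "$maps" ] || continue
        if maps_has_stale_libc "$maps"; then
            dir=${maps%/maps}
            pid=${dir##*/}
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Run as root to see every process; an unprivileged user sees only
# their own. No output means nothing found still maps the old libc.
list_stale_libc_pids "$@"
```

Any process it lists needs a restart (or the machine a reboot) before the fixed library is actually in use.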

Unread post by GekkoP » Sun Feb 01, 2015 11:37 am

Thank you, upgraded Haggis and now safe here. :)

Unread post by dkeg » Sun Feb 01, 2015 2:23 pm

Whew .... I'm safe. I was worried for a minute.

Work hard; Complain less

Unread post by bones » Sun Feb 01, 2015 3:09 pm

Updated for Slackware on 1/28:

Wed Jan 28 19:23:00 UTC 2015
patches/packages/glibc-2.17-x86_64-10_slack14.1.txz: Rebuilt.
This update patches a security issue __nss_hostname_digits_dots() function
of glibc which may be triggered through the gethostbyname*() set of
functions. This flaw could allow local or remote attackers to take control
of a machine running a vulnerable version of glibc. Thanks to Qualys for
discovering this issue (also known as the GHOST vulnerability.)
For more information, see:
https://www.qualys.com/research/securit ... 5-0235.txt
http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-0235
(* Security fix *)
patches/packages/glibc-i18n-2.17-x86_64-10_slack14.1.txz: Rebuilt.
patches/packages/glibc-profile-2.17-x86_64-10_slack14.1.txz: Rebuilt.
patches/packages/glibc-solibs-2.17-x86_64-10_slack14.1.txz: Rebuilt.
patches/packages/glibc-zoneinfo-2014j-noarch-1.txz: Upgraded.
Upgraded to tzcode2014j and tzdata2014j.

Unread post by ivanovnegro » Tue Feb 03, 2015 5:47 am

Thanks Bacon. Without knowing it I was already up-to-date.
