[wellylug] Fwd: [NZOSS-Openchat] Vulnerability alert: GHOST - glibc gethostbyname buffer overflow
Mark Foster
blakjak at blakjak.net
Wed Jan 28 13:07:05 NZDT 2015
Sorry for the crosspost - Daniel beat me to the punch on this, I became
aware of this today and it really is quite a biggie; get patching!
A fairly human-readable comment on this vulnerability can be found at
Qualys:
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
And a good technical description:
http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/
Mark.
-------- Forwarded Message --------
Subject: [NZOSS-Openchat] Vulnerability alert: GHOST - glibc
gethostbyname buffer overflow
Date: Wed, 28 Jan 2015 12:58:35 +1300
From: Daniel Reurich <daniel at centurion.net.nz>
Reply-To: NZOSS Open Discussion List <openchat at lists.nzoss.org.nz>
To: NZOSS Open Discussion List <openchat at lists.nzoss.org.nz>
This is a fairly serious bug effecting glibc versions prior to glibc
2.18. In particular current Stable and Long Term Service Releases such
as Debian Wheezy, Red Hat Enterprise and CentOS vs 5, 6 & 7 etc are
known to be vulnerable.
Please check your distrobution for updates. Debian Wheezy has a
security update, and Jessie/Sid have new packages with the fix.
Details of the specifics can be found here:
http://www.openwall.com/lists/oss-security/2015/01/27/9
--
Daniel Reurich
Centurion Computer Technology (2005) Ltd.
021 797 722
_______________________________________________
Openchat mailing list
Openchat at lists.nzoss.org.nz
http://lists.nzoss.org.nz/mailman/listinfo/openchat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wellylug.org.nz/pipermail/wellylug/attachments/20150128/e744c260/attachment.html>
More information about the wellylug
mailing list