[wellylug] Fwd: [NZOSS-Openchat] Vulnerability alert: GHOST - glibc gethostbyname buffer overflow

Mark Foster blakjak at blakjak.net
Wed Jan 28 13:07:05 NZDT 2015


Sorry for the crosspost - Daniel beat me to the punch on this, I became 
aware of this today and it really is quite a biggie; get patching!

A fairly human-readable comment on this vulnerability can be found at 
Qualys:

https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

And a good technical description:

http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/

Mark.


-------- Forwarded Message --------
Subject: 	[NZOSS-Openchat] Vulnerability alert: GHOST - glibc 
gethostbyname buffer overflow
Date: 	Wed, 28 Jan 2015 12:58:35 +1300
From: 	Daniel Reurich <daniel at centurion.net.nz>
Reply-To: 	NZOSS Open Discussion List <openchat at lists.nzoss.org.nz>
To: 	NZOSS Open Discussion List <openchat at lists.nzoss.org.nz>



This is a fairly serious bug effecting glibc versions prior to glibc
2.18.  In particular current Stable and Long Term Service Releases such
as Debian Wheezy, Red Hat Enterprise and CentOS vs 5, 6 & 7 etc are
known to be vulnerable.

Please check your distrobution for updates.  Debian Wheezy has a
security update, and Jessie/Sid have new packages with the fix.

Details of the specifics can be found here:
http://www.openwall.com/lists/oss-security/2015/01/27/9



-- 
Daniel Reurich
Centurion Computer Technology (2005) Ltd.
021 797 722
_______________________________________________
Openchat mailing list
Openchat at lists.nzoss.org.nz
http://lists.nzoss.org.nz/mailman/listinfo/openchat



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wellylug.org.nz/pipermail/wellylug/attachments/20150128/e744c260/attachment.html>


More information about the wellylug mailing list