<html>

  <head>

    <meta http-equiv="content-type" content="text/html; charset=windows-1252">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    Sorry for the crosspost - Daniel beat me to the punch on this, I

    became aware of this today and it really is quite a biggie; get

    patching!<br>

    <br>

    A fairly human-readable comment on this vulnerability can be found

    at Qualys:<br>

    <br>

<a class="moz-txt-link-freetext" href="https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability">https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability</a><br>

    <br>

    And a good technical description:<br>

    <br>

<a class="moz-txt-link-freetext" href="http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/">http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/</a><br>

    <br>

    Mark.<br>

    <div class="moz-forward-container"><br>

      <br>

      -------- Forwarded Message --------

      <table class="moz-email-headers-table" border="0" cellpadding="0"

        cellspacing="0">

        <tbody>

          <tr>

            <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:

            </th>

            <td>[NZOSS-Openchat] Vulnerability alert: GHOST - glibc

              gethostbyname buffer overflow</td>

          </tr>

          <tr>

            <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>

            <td>Wed, 28 Jan 2015 12:58:35 +1300</td>

          </tr>

          <tr>

            <th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>

            <td>Daniel Reurich <a class="moz-txt-link-rfc2396E" href="mailto:daniel@centurion.net.nz"><daniel@centurion.net.nz></a></td>

          </tr>

          <tr>

            <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Reply-To:

            </th>

            <td>NZOSS Open Discussion List

              <a class="moz-txt-link-rfc2396E" href="mailto:openchat@lists.nzoss.org.nz"><openchat@lists.nzoss.org.nz></a></td>

          </tr>

          <tr>

            <th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>

            <td>NZOSS Open Discussion List

              <a class="moz-txt-link-rfc2396E" href="mailto:openchat@lists.nzoss.org.nz"><openchat@lists.nzoss.org.nz></a></td>

          </tr>

        </tbody>

      </table>

      <br>

      <br>

      <pre>This is a fairly serious bug effecting glibc versions prior to glibc 

2.18.  In particular current Stable and Long Term Service Releases such 

as Debian Wheezy, Red Hat Enterprise and CentOS vs 5, 6 & 7 etc are 

known to be vulnerable.

Please check your distrobution for updates.  Debian Wheezy has a 

security update, and Jessie/Sid have new packages with the fix.

Details of the specifics can be found here:

<a class="moz-txt-link-freetext" href="http://www.openwall.com/lists/oss-security/2015/01/27/9">http://www.openwall.com/lists/oss-security/2015/01/27/9</a>

-- 

Daniel Reurich

Centurion Computer Technology (2005) Ltd.

021 797 722

_______________________________________________

Openchat mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Openchat@lists.nzoss.org.nz">Openchat@lists.nzoss.org.nz</a>

<a class="moz-txt-link-freetext" href="http://lists.nzoss.org.nz/mailman/listinfo/openchat">http://lists.nzoss.org.nz/mailman/listinfo/openchat</a>

</pre>

      <br>

    </div>

    <br>

  </body>

</html>