New vulnerability affects most GNU/Linux systems

alimiracle
Joined: 01/18/2014
SuperTramp83
Joined: 10/31/2014

That is a problem. But the news just after that one on the hacker news website is just as serious: "Taylor Swift's Twitter and Instagram Accounts Hacked" ..........
:)
wtfdic?

ssdclickofdeath
Joined: 05/18/2013

This is a very serious vulnerability.

"Using the exploit, an attacker is able to craft malicious emails that could automatically compromise a vulnerable server without the email even being opened, according to Amol Sarwate, director of engineering with Qualys."

I updated my system, of course.

buildcomplete
Joined: 01/26/2015

Is this only applicable if you are running an email server then?

alimiracle
Joined: 01/18/2014

BTW, this vulnerability was fixed on May 21, 2013 (between the releases of glibc-2.17 and glibc-2.18). Unfortunately, it was not recognized as a security threat; as a result, most stable and long-term-support distributions were left exposed (and still are): Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04, for example.

doolio
Joined: 12/31/2013

Can someone explain what part(s) of one's system needs to be patched? Thanks.

Trisquelian
Joined: 01/23/2015

Just read it, please.

Legimet
Joined: 12/10/2013

The update hasn't reached Trisquel 6 yet.

EDIT: Nvm, it has. packages.trisquel.info is outdated.

Kromaz
Joined: 06/07/2014

Good to know Trisquel 6 has been patched. Will upgrade later this evening. Thanks

Legimet
Joined: 12/10/2013

And it doesn't affect Trisquel 7, which has a newer version of eglibc.

doolio
Joined: 12/31/2013

Thanks Trisquelian - I had done so. My system doesn't appear to have eglibc installed and was simply seeking confirmation in case I was missing something.

onpon4
Joined: 05/30/2012

glibc is provided in Debian-based systems by the libc6 package. (This is due to historical reasons; for some time, a fork of glibc called "Linux libc" was used in GNU/Linux distros, and that fork's most recent version was 5.)

Every GNU/Linux installation includes glibc. It's a basic component of the OS.
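
Added example, not part of any post in this thread: a shell check built on the two facts given above, that the upstream fix landed between glibc-2.17 and glibc-2.18 and that Debian-based systems ship glibc as libc6. The function names are hypothetical; a version below 2.18 is only conclusive if the distribution has not backported the fix, and the script also lists processes still running a libc copy that an upgrade replaced on disk.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a Linux /proc layout.

# Return 0 if VERSION is upstream glibc 2.18 or later (fix included),
# 1 if older, 2 if unparsable. Accepts package version strings such as
# "2.15-0ubuntu10.10" (constructed sample).
glibc_has_upstream_fix() {
    case "$1" in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%[!0-9]*}
    case "$major" in *[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt 2 ] && return 0
    [ "$major" -eq 2 ] && [ "$minor" -ge 18 ] && return 0
    return 1
}

# Print PIDs whose memory map still references a libc file that was
# replaced on disk; those processes run the old code until restarted.
# ROOT defaults to /proc and is a parameter so the scan can be tested.
stale_libc_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/libc[-.][^ /]* \(deleted\)' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

ghost_report() {
    v=$(getconf GNU_LIBC_VERSION 2>/dev/null) || v=
    v=${v#glibc }
    if glibc_has_upstream_fix "$v"; then
        echo "glibc $v: upstream release already contains the fix"
    else
        echo "glibc ${v:-unknown}: below 2.18 or unknown; check for a patched distro package"
        command -v dpkg-query >/dev/null 2>&1 &&
            dpkg-query -W -f='libc6 package: ${Version}\n' libc6 2>/dev/null
    fi
    pids=$(stale_libc_pids)
    [ -z "$pids" ] || echo "restart these PIDs (old libc still mapped):" $pids
    return 0
}
ghost_report
```

Run it as root to see every process; without root, only your own processes' maps are readable.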

doolio
Joined: 12/31/2013

Thanks for the clarification.

davidnotcoulthard (not verified)

It really annoys me when people say "Linux is affected by Ghost", I mean, since when is glibc part of a kernel?