On Packet Pushers they were saying that while they didn't want to discourage patching as patching is indeed important, the ducks that have to line up to pull this attack off are very difficult to get lined up.
----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Josh Reynolds" <[email protected]> To: [email protected] Sent: Thursday, February 18, 2016 4:53:17 PM Subject: Re: [AFMUG] update and patch your linux servers, people! #oldnews Another thing you want to do is limit inbound dns responses to 1024 and less on most platforms, including mikrotik. They may use uClibc though, I am not sure. Most UBNT devices are not vulnerable to this, although EdgeRouter and CloudKey were (and probably that old ubnt nvr appliance). Thankfully they both receive patches from debian upstream, so it's just an apt-get update ; apt-get upgrade -y away. On Thu, Feb 18, 2016 at 4:48 PM, Eric Kuhnke <[email protected]> wrote: > http://linux.slashdot.org/story/16/02/18/157239/magnitude-of-glibc-vulnerability-coming-to-light > > > http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/ > > > http://www.kb.cert.org/vuls/id/457759 > > > If it has glibc on it and looks up things by DNS, it needs to be patched. > That's just about every Linux distro in existence.
