Yup… constantly amazes me as well ….
My favorite is “well it’s on private IP space behind firewalls so it’s not vulnerable”….hahahaha… sure, keep thinking that .. ;) From: Af [mailto:[email protected]] On Behalf Of Eric Kuhnke Sent: Thursday, February 18, 2016 5:55 PM To: [email protected] Subject: Re: [AFMUG] update and patch your linux servers, people! I still find it amazing the amount of people who install linux and don't keep it updated (eg: systems out there on the public facing internet running the exact same versions of all the daemons that shipped with CentOS 6.3, when any reasonable system should be updated to 6.7... yum update is not rocket science) On Thu, Feb 18, 2016 at 2:53 PM, Josh Reynolds <[email protected] <mailto:[email protected]> > wrote: #oldnews Another thing you want to do is limit inbound dns responses to 1024 and less on most platforms, including mikrotik. They may use uClibc though, I am not sure. Most UBNT devices are not vulnerable to this, although EdgeRouter and CloudKey were (and probably that old ubnt nvr appliance). Thankfully they both receive patches from debian upstream, so it's just an apt-get update ; apt-get upgrade -y away. On Thu, Feb 18, 2016 at 4:48 PM, Eric Kuhnke <[email protected] <mailto:[email protected]> > wrote: > http://linux.slashdot.org/story/16/02/18/157239/magnitude-of-glibc-vulnerability-coming-to-light > > http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/ > > http://www.kb.cert.org/vuls/id/457759 > > > If it has glibc on it and looks up things by DNS, it needs to be patched. > That's just about every Linux distro in existence.
