On Thu, Nov 11, 2010 at 08:40:24PM +0100, bendeguz wrote: > Hi all! > > Do I have to worry about the mentioned security bug > in glibc? I'm using version 2.11.1. > > http://seclists.org/fulldisclosure/2010/Oct/257 says: > "Please note, this is a low impact vulnerability that is only of interest to > security professionals and system administrators. End users do not need > to be concerned." > > I'm still having hard times to find out what packages > to upgrade. I hope I will get used to it. > It's fixed in -dev by the ld_audit_fix and origin_fix patches. I think they also apply to 2.11.1, but I'm not sure. See the archives for lfs-dev last month. Some of us using 2.12.1 have managed to upgrade glibc in an existing system, but only using the same options and version, and I think we all had good backups in case it went wrong - I still find doing that scary, and shutting down to reboot wasn't clean (but, I use ext4 so no worries there).
Thanks for reminding me that I haven't got around to upgrading my old 6.6 system for that (nor for some of the other recent vulnerabilities in browsers etc). If you have no-one else with access to your machine, it probably *is* a low priority - but we are all our own sysadmins, so we ought to keep on top of vulnerabilities in everything we have installed. ĸen -- das eine Mal als Tragödie, das andere Mal als Farce -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
