On 01/28/2015 11:12 PM, Jamenson Ferreira Espindula de Almeida Melo wrote: > Subject: "GHOST" (CVE-2015-0235) > > > Named GHOST (CVE-2015-0235) because it can be triggered by > _gethostbyname the functions and gethostbyaddr_ this vulnerability > affects many systems from Linux glibc version 2.2 > published on 10 November 2000. Qualys researchers have also > identified several factors that mitigate the impact of this > vulnerability, including one published May 21, 2013 between patch > glibc-2.17 versions and glibc-2.18. Unfortunately, this patch
It doesn't seem that glibc-2.18+ releases are vulnerable according to this,
but I'm sure there are still users who use older LFS systems including older
Glibc releases, and this may finally give them reason to upgrade.
> not having been classified as a security bulletin, most
> stable distributions and enjoying a long term support were
> exposed, including Debian 7 ("Wheezy"), Red Hat Enterprise Linux 6 & 7
> CentOS 6 & 7 and Ubuntu 12.04.
>
--
Note: My last name is not Krejzi.
signature.asc
Description: OpenPGP digital signature
-- http://lists.linuxfromscratch.org/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
