Jamenson Ferreira Espindula de Almeida Melo wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Subject: "GHOST" (CVE-2015-0235)
**
/ This severe vulnerability detected in the GNU / Linux C Library
gives control to the attackers without requiring system identifiers.
- Patches available today - /
Named GHOST (CVE-2015-0235) because it can be triggered by
_gethostbyname the functions and gethostbyaddr_ this vulnerability
affects many systems from Linux glibc version 2.2
published on 10 November 2000. Qualys researchers have also
identified several factors that mitigate the impact of this
vulnerability, including one published May 21, 2013 between patch
glibc-2.17 versions and glibc-2.18. Unfortunately, this patch
not having been classified as a security bulletin, most
stable distributions and enjoying a long term support were
exposed, including Debian 7 ("Wheezy"), Red Hat Enterprise Linux 6 & 7
CentOS 6 & 7 and Ubuntu 12.04.
Fixed in glibc in 2013. This is on;y an issue for LFS installations
older than lfs-7.4.
-- Bruce
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
