>> > Does anybody know more about this "security flaw in the open-source Linux >> > GNU C Library" >> > >> > http://www.theglobeandmail.com/technology/linux-makers-release-patch-to-thwart-new-ghost-cyber-threat/article22662060/?cmpid=rss1 >> >> >> I updated a system of mine that was using an old version of glibc and >> rebooted. I can't do a full emerge world there or use various other >> portage tools due to the peculiarities of my current situation. Could >> I still be vulnerable? > > Your system may be vulnerable to this issue only if you have > packages statically linked with vulnerable glibc libs, so most > likely — no. But your system may be affected by a plenty of other > issues in various packages. > > At the very least you should apply all GLSAs to your system: while > they don't encompass all vulnerabilities, they should warn you > about most common and important ones.
I don't think I have USE=static anywhere. Any way to confirm? I've been watching glsa.gentoo.org (a little dismayed that this glibc vulnerability isn't there yet) but you prompted me to give glsa-check a try. It's telling me I'm vulnerable to some that I clearly am not vulnerable to. Do I need to clear a cache somewhere? - Grant
