>>> > Does anybody know more about this "security flaw in the open-source Linux >>> > GNU C Library" >>> > >>> > http://www.theglobeandmail.com/technology/linux-makers-release-patch-to-thwart-new-ghost-cyber-threat/article22662060/?cmpid=rss1 >>> >>> >>> I updated a system of mine that was using an old version of glibc and >>> rebooted. I can't do a full emerge world there or use various other >>> portage tools due to the peculiarities of my current situation. Could >>> I still be vulnerable? >> >> Your system may be vulnerable to this issue only if you have >> packages statically linked with vulnerable glibc libs, so most >> likely — no. But your system may be affected by a plenty of other >> issues in various packages. >> >> At the very least you should apply all GLSAs to your system: while >> they don't encompass all vulnerabilities, they should warn you >> about most common and important ones. > > > I don't think I have USE=static anywhere. Any way to confirm? > > I've been watching glsa.gentoo.org (a little dismayed that this glibc > vulnerability isn't there yet) but you prompted me to give glsa-check > a try. It's telling me I'm vulnerable to some that I clearly am not > vulnerable to. Do I need to clear a cache somewhere?
glsa-check is working fine, it was a slotted issue. Still curious about a way to check for statically linked packages. - Grant
