On Thu, Jan 29, 2015 at 09:52:41PM -0800, Paul Rogers wrote: > I found a patch from good old source-code Gentoo. I ran my diff on the > 2.3.4 & 2.11.1 I was concerned about vs 2.17, and the only thing is in > the copyright comment. The code hasn't changed. My 2.17 vs 2.18 diff > was the same as Gentoo's, but for the test case they added. If I > weren't so old my native language was FORTRAN instead of the more modern > C, I might make more sense of the large block of code that's being > deleted near the end which isn't mentioned in the Qualys analysis, but > I'll take Gentoo's word for it. Seems like it's fixable on my older > systems. :-)
If you patch, and have not found a test case, see http://www.openwall.com/lists/oss-security/2015/01/27/9 (the beginning of Section 4) - from comments elsewhere, the "should not happen" reult is for running on systems which do no use glibc. Attached. gcc GHOST.c -o GHOST && ./GHOST sorry about the caps, that is what Qualys used. ĸen -- Nanny Ogg usually went to bed early. After all, she was an old lady. Sometimes she went to bed as early as 6 a.m. -- http://lists.linuxfromscratch.org/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page Do not top post on this list. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? http://en.wikipedia.org/wiki/Posting_style
