On 01/28/2015 06:17 PM, Vijay Rajah wrote: > Hello, > > I'm sure most of you are aware of the latest Glibc vulnerability. (FYI: > http://www.openwall.com/lists/oss-security/2015/01/27/9) > > I'm not sure If postfix is vulnerable. I see from that posting that, > exim under certain configurations, is vulnerable. > > I think since postfix supports IPV6, it would use the getaddrinfo() > function. Is there any place where the older getbyhostname() function is > still used? > > Is postfix in any way at all, vulnerable to this bug?
Honestly, I don't know if postfix uses that function or not, but if postfix isn't vulnerable then you almost certainly have some other program on your box that is. I would recommend that you update glibc without delay regardless. Peter
