-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 FWIW, in the original advisory at [1], section 4, there is a snippet of C you can use to test whether you are vulnerable. If you are, you should probably upgrade asap. The fact that no exploit for a specific program has been found is no final proof there is none, although I don’t doubt that Qualys took great effort in finding exploits (considering the detail of their advisory, which reads really great).
In the follow-up [2] they state by the way that they also looked at postfix. best regards, jwi [1]: http://www.openwall.com/lists/oss-security/2015/01/27/9 [2]: http://www.openwall.com/lists/oss-security/2015/01/27/18 On 28.01.2015 06:17, Vijay Rajah wrote: > Hello, > > I'm sure most of you are aware of the latest Glibc vulnerability. > (FYI: http://www.openwall.com/lists/oss-security/2015/01/27/9) > > I'm not sure If postfix is vulnerable. I see from that posting > that, exim under certain configurations, is vulnerable. > > I think since postfix supports IPV6, it would use the > getaddrinfo() function. Is there any place where the older > getbyhostname() function is still used? > > Is postfix in any way at all, vulnerable to this bug? > > -Thanks Vijay -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUyIC8AAoJEMBiAyWXYliKg8YP/3WTSQHEkJ0bS821f8aMcc9/ /hobnSgSn/l9XmPvLquVHSEVgANhrk7bZ13hwRrMinP1c1Xp3PZqVe/zBMJ0fwkL a8EthZHnRQm/lb45JnXKJsAk9JOfwGYGzjNMb8OvMQfgCsqxBgPgHCTFt1sVjcd3 YH9nQYZ0Tj8szMuqZd6WaRrWlmir8tSkUrW+6+VJePxoesYZNotGfY9b/Y+cMi3P n6zcWWuw7nyuZCh3kda/gNJM6zSIFl+Xux7pzG2bvkAHWJ8mGfRtUCyukiWehrQz 0EY1PZohizguVHtcjQ1xvbhVZ0Uj5RbYFwXWFkVGQgd3ZgZdREc1uAORPdMrApDF XfjtC+Rm8/gqamKNOL0e+qW4GvCAhlSoNPwr1/4DrPipBQLcKHe815eCZv+t/r+6 dmF6nTD1kqSXqHNbB9R9VudDus83hmhkRNzYVTv39OPQzDjcsjxdqidY476C9YAP NwuRv38H+K62nL8/bLaXbAiK2zB0H1Y9mvfogjcpCFwh6ZHI80MyfBKbgGqOVoWg 2qCT3GJX6IX+Q2iHUehtE81ilh4ZtoKWxALfkv7tmiQ+Qvg5F2r5c/lkalG2/Zoz UfL+xV/o1wfRCMiS1njRAYTBLaRTJrqwpIWTEusA54r0MrcAio8h1s3wx55Ptxix U3wOUR8iRRLB/AcfQCWf =LUab -----END PGP SIGNATURE-----
