Hello

Is Pound free from CVE-2015-0235 GHOST?



Ubuntu 10.04.4 LTS

root@dwt01test:~# pound -V
starting...
Version 2.4.5

root@dwt01test:~# /lib/x86_64-linux-gnu/libc.so.6
GNU C Library (Ubuntu EGLIBC 2.15-0ubuntu10) stable release version 2.15, by Roland McGrath et al.



2.15 is a vulnerable version.

It seems Pound uses getaddrinfo, but it loads libcrypto.so and:

root@dwt01test:~# readelf -s /lib/libcrypto.so.0.9.8 | grep gethostbyname
    16: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND gethostbyname@GLIBC_2.2.5 (3)

Is it possible that Pound will call gethostbyname indirectly?

Thank you.
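
Added example, not part of the original post: the readelf check above, extended to a binary and every shared object ldd resolves for it, matching the gethostbyname, gethostbyname2 and reentrant (_r) imports. The function names, the sample symbol table and the path in the usage comment are assumptions; an undefined (UND) entry shows only that the object imports the function, not that the call is reached at run time.

```shell
#!/bin/sh
# Added example: report which ELF objects import the gethostbyname*() family.
# Function names and the sample data below are hypothetical/constructed.

# ghost_imports: read `readelf -W -s` output on stdin and print each
# undefined (imported) gethostbyname*() symbol once, version suffix removed.
ghost_imports() {
    awk '$7 == "UND" {
             name = $8
             sub(/@.*/, "", name)
             if (name ~ /^gethostbyname2?(_r)?$/) print name
         }' | sort -u
}

# scan_object FILE: print "FILE: sym sym ..." if FILE imports any of them.
# -W keeps each symbol on one line so the awk field positions hold.
scan_object() {
    syms=$(readelf -W -s "$1" 2>/dev/null | ghost_imports | tr '\n' ' ')
    if [ -n "$syms" ]; then printf '%s: %s\n' "$1" "${syms% }"; fi
}

# scan_with_deps FILE: scan FILE and every shared object ldd resolves for it.
scan_with_deps() {
    scan_object "$1"
    ldd "$1" 2>/dev/null | awk '$2 == "=>" && $3 ~ /^\// { print $3 }' |
    while read -r lib; do scan_object "$lib"; done
}

# Constructed readelf output: one imported symbol of interest, one unrelated
# import, and one locally defined symbol that must not be reported.
sample_dynsyms() {
    cat <<'EOF'
   Num:    Value          Size Type    Bind   Vis      Ndx Name
    16: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND gethostbyname@GLIBC_2.2.5 (3)
    17: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND getaddrinfo@GLIBC_2.2.5 (3)
    18: 00000000000a1b20   120 FUNC    GLOBAL DEFAULT   12 example_gethostbyname_wrapper
EOF
}

# Usage: sh ghost_imports.sh /usr/sbin/pound   (path is an assumption)
if [ "$#" -gt 0 ]; then scan_with_deps "$1"; fi
```

ldd lists only link-time dependencies, so libraries loaded later with dlopen are not covered, and it should be run only on binaries you trust.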
