Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[sevenlayermuddle]

As screamed by The Register..

http://www.theregister.co.uk/2016/02/16/glibc_linux_dns_vulernability/

Patch ASAP: Tons of Linux apps can be hijacked by evil DNS servers, man-in-the-middle miscreants

In fairness, I don't hold El Reg in high esteem these days, and I think their headline is probably alarming and misleading.

All the same, worth hoping for an update for any routers, Smart TVs etc, that might use embedded Linux.  'hoping' being the operative word.     

[burakkucat]

That article appears to be rather "gutter-press" like and appears to be designed as "sensational" / "shock" / "horror", etc.

Unfortunately, they are rather behind the times with that report -- quite simply it is out of date stale news! 

[broadstairs]

I seem to remember a patch for this in OpenSUSE ages ago....

Stuart

[ejs]

Fedora got a glibc update for this today.

Also, most routers tend to use uClibc, which is smaller than glibc, and presumably won't have the exact same bugs, as it's a different project.

[sevenlayermuddle]

The Beeb covered it too, another organisation of which I have low opinion.

http://www.bbc.co.uk/news/technology-35592916

Glibc: Mega bug may hit thousands of devices

Interesting use of SI unit 'Mega' to create the splash-bang-wallop headline, then qualify the story describing affected devices with the mere word  'thousands'.

All the same, Beeb does link to the Google blog that announced the issue.  It was dated 16th Feb, so I suspect it is a new issue, despite resemblance to previous. 

https://googleonlinesecurity.blogspot.co.uk/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

[burakkucat]

. . . the Google blog that announced the issue.  It was dated 16th Feb, so I suspect it is a new issue, despite resemblance to previous. 

https://googleonlinesecurity.blogspot.co.uk/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

That is a public announcement by Google, the problem was discovered and essentially resolved before that date. As I commented earlier out-of-date, stale news! 

It is best to consult the definitive listing for all CVEs -- at Mitre.

[Chrysalis]

Fedora got a glibc update for this today.

Also, most routers tend to use uClibc, which is smaller than glibc, and presumably won't have the exact same bugs, as it's a different project.

dont talk about routers they a disaster waiting to happen, the vast majority of linux based routers I have used, use code that's circa 10 years old.