Kitz Forum
Computer Software => Security => Topic started by: sevenlayermuddle on February 17, 2016, 07:05:58 PM
-
As screamed by The Register..
http://www.theregister.co.uk/2016/02/16/glibc_linux_dns_vulernability/
Patch ASAP: Tons of Linux apps can be hijacked by evil DNS servers, man-in-the-middle miscreants
In fairness, I don't hold El Reg in high esteem these days, and I think their headline is probably alarming and misleading.
All the same, worth hoping for an update for any routers, Smart TVs etc, that might use embedded Linux. 'hoping' being the operative word. ::)
-
That article appears to be rather "gutter-press" like and appears to be designed as "sensational" / "shock" / "horror", etc.
Unfortunately, they are rather behind the times with that report -- quite simply, it is out-of-date, stale news! ::)
-
I seem to remember a patch for this in OpenSUSE ages ago....
Stuart
-
Fedora got a glibc update for this today.
Also, most routers tend to use uClibc, which is smaller than glibc, and presumably won't have the exact same bugs, as it's a different project.
-
The Beeb covered it too, another organisation of which I have a low opinion. :(
http://www.bbc.co.uk/news/technology-35592916
Glibc: Mega bug may hit thousands of devices
Interesting use of SI unit 'Mega' to create the splash-bang-wallop headline, then qualify the story describing affected devices with the mere word 'thousands'. :D
All the same, Beeb does link to the Google blog that announced the issue. It was dated 16th Feb, so I suspect it is a new issue, despite resemblance to previous.
https://googleonlinesecurity.blogspot.co.uk/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
-
. . . the Google blog that announced the issue. It was dated 16th Feb, so I suspect it is a new issue, despite resemblance to previous.
https://googleonlinesecurity.blogspot.co.uk/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
That is a public announcement by Google; the problem was discovered and essentially resolved before that date. As I commented earlier: out-of-date, stale news! ;)
It is best to consult the definitive listing for all CVEs -- at Mitre (https://cve.mitre.org/).
-
Fedora got a glibc update for this today.
Also, most routers tend to use uClibc, which is smaller than glibc, and presumably won't have the exact same bugs, as it's a different project.
Don't talk about routers :( They are a disaster waiting to happen; the vast majority of Linux-based routers I have used use code that's circa 10 years old.