This week's Linux vulnerbility: GHOST
-
2.1 < glibc < 2.18 affected.
Lines 85-86 compute the size_needed to store three (3) distinct entities in buffer: host_addr, h_addr_ptrs, and name (the hostname). Lines 88-117 make sure the buffer is large enough: lines 88-97 correspond to the reentrant case, lines 98-117 to the non-reentrant case.Lines 121-125 prepare pointers to store four (4) distinct entities in
buffer: host_addr, h_addr_ptrs, h_alias_ptr, and hostname. The sizeof
(*h_alias_ptr) -- the size of a char pointer -- is missing from the
computation of size_needed.
Source code to compile presented to test your system included if you're so inclined.
-
Already updated all my Centoses. Seems serious, but much less panic surrounding this one than the other recent ones.
-
$ apt-cache show libc6 | grep Provides Provides: glibc-2.19-1 Provides: glibc-2.19-1 Provides: glibc-2.19-1 $ cat /etc/lsb-release DISTRIB_ID=LinuxMint DISTRIB_RELEASE=17.1 DISTRIB_CODENAME=rebecca DISTRIB_DESCRIPTION="Linux Mint 17.1 Rebecca"By extension, Ubuntu 14.10 should be fine at least. Need to check if any of my Debian machines don't have testing repos enabled (damned PostgreSQL, need 9.2+ but stable repos only have 9.1 still), they might be behind.
