Results 1 to 3 of 3

Thread: libc6 flaw worry

  1. #1
    Senior Member registered user
    Join Date
    May 2006
    Location
    Columbia, Maryland USA
    Posts
    1,631

    libc6 flaw worry

    .
    I expressed my concern about the following news item to Klaus K:
    http://www.eweek.com/security/linux-...libc-flaw.html

    His comment on this was the following:
    Me too, since all glibc >= 2.9 versions till today are affected, with
    the glibc on Knoppix being no exception.

    For exploiting the vulnerability, the attacker must own the directly
    queried DNS server (i.e. the users access point, or the ISPs DNS server)
    and send manipulated DNS replies from there, or be able to hijack TCP
    connections, and in most cases, programs will just crash on the
    getaddrinfo() library call, but code injection on the stack may be
    possible. Though an attack isn't really easy, it's a real possibility.

    The easy commandline method (for USB flash disk users) for fixing the
    problem, thanks to debian's quick reaction in the unstable branch, would be:

    sudo apt-get update ; sudo apt-get install -t unstable libc6
    which also updates libc6 dependencies.
    I did this on my Knoppix 7.6.1 LiveUSB, and it updated my libc6 to 2.21.0,
    and didn't take up much space on my reiserfs persistence.

    IMO, it may be wise to make this interim correction, since updating the
    whole 4Gb Knoppix iso might not happen right away.

  2. #2
    Senior Member registered user
    Join Date
    May 2006
    Location
    Columbia, Maryland USA
    Posts
    1,631
    Should read updated to libc6 2.21-9, not 2.21.0.
    Last edited by utu; 02-23-2016 at 01:33 AM.

  3. #3
    Senior Member registered user
    Join Date
    May 2006
    Location
    Columbia, Maryland USA
    Posts
    1,631

    A reminder, in case you are not using 7.7.0.

    Regarding libc6...

    http://www.linux-magazine.com/Issues/2016/187/Ask-Klaus

    You don't need to buy the article, just see the first post here.
    Last edited by utu; 05-13-2016 at 06:07 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


SQL Server 2019 Standard (10 CAL) - Windows and Linux, Physical License NEW picture

SQL Server 2019 Standard (10 CAL) - Windows and Linux, Physical License NEW

$178.45



1U Open Source Router Firewall X10SLH-N6-ST031 E3-1270 V3 6x 10GB Ethernet 16GB picture

1U Open Source Router Firewall X10SLH-N6-ST031 E3-1270 V3 6x 10GB Ethernet 16GB

$399.00



Custom Bootable OS - USB Flash Drive - Mint, Kali, Ubuntu, Zorin, Debian & More picture

Custom Bootable OS - USB Flash Drive - Mint, Kali, Ubuntu, Zorin, Debian & More

$4.25



IBM E850 Power8 2x 12C 3.02GHz 512Gb 1.8Tb SAS 10GbE 16Gb Linux Server  8408-E8E picture

IBM E850 Power8 2x 12C 3.02GHz 512Gb 1.8Tb SAS 10GbE 16Gb Linux Server 8408-E8E

$699.95



Custom Laptop, Desktop or Server Badge - Set of 12 (Select your Linux distro) picture

Custom Laptop, Desktop or Server Badge - Set of 12 (Select your Linux distro)

$4.99



1U Server 15

1U Server 15" Depth X11SSH-F E3-1270 V6 3.8Ghz 4 Core 32GB RAM 240G SSD

$250.00



LINUX Apache Web Server Administration User Guide Manual 2001 SYBEX 13C picture

LINUX Apache Web Server Administration User Guide Manual 2001 SYBEX 13C

$9.99



NEW Redhat Enterprise Linux 7 Server Edition (Factory Sealed) picture

NEW Redhat Enterprise Linux 7 Server Edition (Factory Sealed)

$25.00



Dell Poweredge T340 Xeon E-2124@3.3GHZ 16GB DDR4 18TB Storage NO OS 32010XD picture

Dell Poweredge T340 Xeon E-2124@3.3GHZ 16GB DDR4 18TB Storage NO OS 32010XD

$600.00



PFSENSE 15

PFSENSE 15" Depth Server Router Firewall Supermicro X11SSH-F E3-1240 V5 32GB RAM

$379.00