Many Millions of Linux are affected by this security hole #2
-
gcmartin
Many Millions of Linux are affected by this security hole #2
Last edited by gcmartin on Mon 22 Feb 2016, 15:43, edited 1 time in total.
DEBs for Precise, Tahr, and Wily can be found here:
http://www.ubuntu.com/usn/usn-2900-1/
Click the link corresponding to your flavor of Ubuntu (Precise, Tahr, or Wily)
On the resulting web page, look over on the right-hand side where it says "Builds".
Click the link corresponding to your hardware (e.g. i386) to get to the list of DEBs.
You will want two DEBs, the libc6 and libc-bin.
For example for Precise you want
libc6_2.15-0ubuntu10.13_i386.deb
libc-bin_2.15-0ubuntu10.13_i386.deb
Download the DEBs and left click each to install.
http://www.ubuntu.com/usn/usn-2900-1/
Click the link corresponding to your flavor of Ubuntu (Precise, Tahr, or Wily)
On the resulting web page, look over on the right-hand side where it says "Builds".
Click the link corresponding to your hardware (e.g. i386) to get to the list of DEBs.
You will want two DEBs, the libc6 and libc-bin.
For example for Precise you want
libc6_2.15-0ubuntu10.13_i386.deb
libc-bin_2.15-0ubuntu10.13_i386.deb
Download the DEBs and left click each to install.
Debian users see here:
https://www.debian.org/security/2016/dsa-3481
and for more details here:
https://security-tracker.debian.org/tra ... -2015-7547
@ greengeek
https://www.debian.org/security/2016/dsa-3481
and for more details here:
https://security-tracker.debian.org/tra ... -2015-7547
@ greengeek
Code: Select all
root@debian:~# ldd --version
ldd (Debian GLIBC 2.21-8) 2.21
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
root@debian:~#
I run DD Jessie openbox with Optional Persistence (frugal boot and only preserve changes if I opt to save) and I hit a problem with applying the Debian update as per here (which also outlines how to work around that). Only applies if you use the changes=EXIT:/live/ boot parameter choice (i.e. Optional Persistence).anikin wrote:Debian users see here:
https://www.debian.org/security/2016/dsa-3481
and for more details here:
https://security-tracker.debian.org/tra ... -2015-7547
@ greengeekCode: Select all
root@debian:~# ldd --version ldd (Debian GLIBC 2.21-8) 2.21 Copyright (C) 2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Written by Roland McGrath and Ulrich Drepper. root@debian:~#
Not sure, but I did see additional suggestions that it might not be just glibc that needs fixing/patching, but also other things such as python.
Debian have released updates for Libre and Python today (after releasing a glibc update) http://murga-linux.com/puppy/viewtopic. ... 032#890032
Debian have released updates for Libre and Python today (after releasing a glibc update) http://murga-linux.com/puppy/viewtopic. ... 032#890032
-
Dingo
- Posts: 1437
- Joined: Tue 11 Dec 2007, 17:48
- Location: somewhere at the end of rainbow...
- Contact:
I remember I read that only GNU C Libraries since 2.9 are affected
so, puppy 3.01 with its
GNU C Library stable release version 2.5
is secure?
so, puppy 3.01 with its
GNU C Library stable release version 2.5
is secure?
replace .co.cc with .info to get access to stuff I posted in forum
dropbox 2GB free
OpenOffice for Puppy Linux
dropbox 2GB free
OpenOffice for Puppy Linux
I think so Flash, that does appear to be near the bottom line. Browser-Tools like Redirect Cleaner should help. But when one is running a server with a high amount of automation/networking, the browser isn't the only entrance. And further, human eyes are not involved.
If I may, my purposes and wants/needs really don't rely upon shares or servers. I toss them out of my personal-use puppy. I do leave the config files intact. If it ain't there it can't be exploited. So things like transmission, sylpheed, samba, etc are not there and don't need updates. YRMV
If I may, my purposes and wants/needs really don't rely upon shares or servers. I toss them out of my personal-use puppy. I do leave the config files intact. If it ain't there it can't be exploited. So things like transmission, sylpheed, samba, etc are not there and don't need updates. YRMV
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
The article that anikin linked above says:Flash wrote:What is the practical danger, that you could go to a URL without realizing it?
which makes it sound more serious than just a misplaced redirect.Researchers have discovered a potentially catastrophic flaw in one of the Internet's core building blocks that leaves hundreds or thousands of apps and hardware devices vulnerable to attacks that can take complete control over them.
Interesting that the RedHat fellas knew about it and didn't pass the info on to other Linux devs.
Anything compiled with pre 2.9 GNU C libs would not have the flaw - but being relatively old could contain other flaws! Also, even though you might be running a pup compiled with pre 2.9 libs, other programs might have been compiled using 2.9 or later. Bitcoin, Teamviewer (not saying they have, just using them as possible examples).Dingo wrote:I remember I read that only GNU C Libraries since 2.9 are affected
so, puppy 3.01 with its
GNU C Library stable release version 2.5
is secure?