[arch-general] CVE-2015-0235: glibc / heap overflow in gethostbyname()
anthraxx at archlinux.org
Tue Jan 27 17:25:11 UTC 2015
On 01/27/2015 05:42 PM, Ido Rosen wrote:
> Hi Allan & others,
> This is a pretty big remote vulnerability, with a big attack
> surface. I'm not sure if this is the right list to be sending it to,
> but I'd suggest patching glibc right away. I think RedHat's already
> released an RHEL5 backported patch, and upstream has already patched
> it (as of yesterday). See the links below.
This vulnerability does not affect arch (anymore), as we are already
shipping glibc version 2.20-6  where the upstream patch  is
You may want to write security related topics and discussions to the
arch-security  ML rather then arch-general.
There is already a topic  posted by Remi which contains clarification
cheers and thank you for your awareness,
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the arch-general