[arch-general] CVE-2015-0235: glibc / heap overflow in gethostbyname()

Levente Polyak anthraxx at archlinux.org
Tue Jan 27 17:25:11 UTC 2015

On 01/27/2015 05:42 PM, Ido Rosen wrote:
> Hi Allan & others,
>   This is a pretty big remote vulnerability, with a big attack
> surface.  I'm not sure if this is the right list to be sending it to,
> but I'd suggest patching glibc right away.  I think RedHat's already
> released an RHEL5 backported patch, and upstream has already patched
> it (as of yesterday).  See the links below.
> Ido


This vulnerability does not affect arch (anymore), as we are already
shipping glibc version 2.20-6 [0] where the upstream patch [1] is
already included.
You may want to write security related topics and discussions to the
arch-security [2] ML rather then arch-general.
There is already a topic [3] posted by Remi which contains clarification
about CVE-2015-0235.

cheers and thank you for your awareness,

[0] https://www.archlinux.org/packages/?name=glibc
[2] https://lists.archlinux.org/listinfo/arch-security

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20150127/f6671f47/attachment.asc>

More information about the arch-general mailing list