OK, at the risk of exposing my ignorance, is it sufficient to update glibc
(I see that yum-cron has already done this for me), and perhaps to restart
some services like named? Or is glibc compiled into packages like BIND and
those need to be updated?
I'm thinking the glibc libraries are not compiled into the applications but
are called at run time, but I really don't know.
-----Original Message-----
From: Josh Reynolds
Sent: Thursday, February 18, 2016 4:53 PM
To: af@afmug.com
Subject: Re: [AFMUG] update and patch your linux servers, people!
#oldnews
Another thing you want to do is limit inbound dns responses to 1024
and less on most platforms, including mikrotik. They may use uClibc
though, I am not sure.
Most UBNT devices are not vulnerable to this, although EdgeRouter and
CloudKey were (and probably that old ubnt nvr appliance). Thankfully
they both receive patches from debian upstream, so it's just an
apt-get update ; apt-get upgrade -y away.
On Thu, Feb 18, 2016 at 4:48 PM, Eric Kuhnke <eric.kuh...@gmail.com> wrote:
http://linux.slashdot.org/story/16/02/18/157239/magnitude-of-glibc-vulnerability-coming-to-light
http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/
http://www.kb.cert.org/vuls/id/457759
If it has glibc on it and looks up things by DNS, it needs to be patched.
That's just about every Linux distro in existence.
