Package: libc6 Version: 2.7-12 Severity: critical Tags: security
The glibc stub resolver is vulnerable to CVE-2008-1447, according to DSA 1605. Since the vast majority of network-using programs use glibc as a resolver, this vulnerability affects virtually any network-using program, hence the severity. libc6 should not be released without a fix for this problem. The vulnerability has been exposed: http://demosthen.es/post/43048623/reliable-dns-forgery-in-2008 If Slashdot knows it, so does everyone else. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libc6 depends on: ii libgcc1 1:4.3.1-6 GCC support library libc6 recommends no packages. Versions of packages libc6 suggests: pn glibc-doc <none> (no description available)ii locales-all [locales] 2.7-12 GNU C Library: Precompiled locale
-- debconf information: glibc/upgrade: true glibc/restart-failed: glibc/restart-services: -- brian m. carlson / brian with sandals: Houston, Texas, US +1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
