On Feb 2, 2015 8:25 PM, "fooler mail" <[email protected]> wrote: > > pluggers, > > another serious security hole.... ASLR, PIE and NX are useless with > this vulnerability. > > https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability > > fooler. >
Not all sysems are vulnerable at all. Its not as bad as heartbleed. My systems never had this vulnerability since glibc 2.17. We track glibc releases like semi rolling release distros do. We patched our glibc and since we made our network programs ipv6 ready we never had to use the gethost calls at all for a while already. I just switched to musl libc today and removed a lot of old code that its almost a fork because auditing old code is just a pain in the ass. Long life stable and backports is just not worth it. _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
