[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] glibc vulnerability
- Subject: [ale] glibc vulnerability
- From: jim.kinney at gmail.com (Jim Kinney)
- Date: Tue, 27 Jan 2015 17:57:25 -0500
- In-reply-to: <CAAt=rgBjTLMdh_DzJdW--47ZkXU9odVi=4Bx3wfVW_naR=GdUg@mail.gmail.com>
- References: <[email protected]> <CAAt=rgBjTLMdh_DzJdW--47ZkXU9odVi=4Bx3wfVW_naR=GdUg@mail.gmail.com>
On Tue, 2015-01-27 at 16:33 -0500, James Sumners wrote:
> It's just getting ridiculous at this point.
Actually, no. It's about time that some of the core capabilities of
Linux were put under the security microscope. This particular issue
doesn't allow a root access but does allow access as the user running a
vulnerable process. So turn on selinux while this is getting patched and
privilege escalations are mostly moot.
>
> On Tue, Jan 27, 2015 at 3:34 PM, Beddingfield, Allen <allen at ua.edu>
> wrote:
> FYI, for those who have not already seen this...
> Get ready for another round of emergency patches:
> http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
--
James P. Kinney III
Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
http://heretothereideas.blogspot.com/