View previous topic :: View next topic |
Author |
Message |
ctcp n00b
Joined: 30 Jan 2015 Posts: 2
|
Posted: Fri Jan 30, 2015 6:55 pm Post subject: GHOST vulnerability |
|
|
Hi, when i run the following command:
I see that my version of Libc is 2.3.6
Code: | ldd (GNU libc) 2.3.6
Copyright (C) 2005 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper. |
Is this version vulnerable?. And... if this is vulnerable, i do i fix it?
Edit:
My Gentoo version is:
Code: | Gentoo Base System version 1.6.14 |
Thanks. |
|
Back to top |
|
|
F_ Tux's lil' helper
Joined: 31 Dec 2006 Posts: 142
|
Posted: Fri Jan 30, 2015 7:44 pm Post subject: |
|
|
You should be fine. Take a look at the following bug list entries:
Versions prior to 2.20 are vulnerable to this issue.
Best Regards,
F_ |
|
Back to top |
|
|
Jaglover Watchman
Joined: 29 May 2005 Posts: 8291 Location: Saint Amant, Acadiana
|
|
Back to top |
|
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9679 Location: almost Mile High in the USA
|
Posted: Fri Jan 30, 2015 8:08 pm Post subject: |
|
|
If you have app-portage/gentoolkit installed,
Code: | $ glsa-check -l affected |
But yes an almost 10 year old box there are probably a lot of potential issues... and also a candidate for fresh reinstall... |
|
Back to top |
|
|
ctcp n00b
Joined: 30 Jan 2015 Posts: 2
|
Posted: Fri Jan 30, 2015 8:23 pm Post subject: |
|
|
This is the result:
Code: | # glsa-check -l affected
!!! /etc/make.profile is not a symlink and will probably prevent most merges.
!!! It should point into a profile within /usr/portage/profiles/
!!! (You can safely ignore this message when syncing. It's harmless.)
Traceback (most recent call last):
File "/usr/bin/glsa-check", line 148, in ?
myglsa = Glsa(x, glsaconfig)
File "/usr/lib/gentoolkit/pym/glsa.py", line 414, in __init__
self.read()
File "/usr/lib/gentoolkit/pym/glsa.py", line 432, in read
self.parse(urllib.urlopen(myurl))
File "/usr/lib/gentoolkit/pym/glsa.py", line 470, in parse
self.description = getText(myroot.getElementsByTagName("description")[0], fo rmat="xml")
File "/usr/lib/gentoolkit/pym/glsa.py", line 233, in getText
return str(rValue)
UnicodeEncodeError: 'ascii' codec can't encode character u'\u2019' in position 8 : ordinal not in range(128)
|
|
|
Back to top |
|
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9679 Location: almost Mile High in the USA
|
Posted: Sat Jan 31, 2015 12:17 am Post subject: |
|
|
You need to emerge --sync before running glsa-check. And hope that the out of date components still work...
Also need to fix your make.profile link since it appears your old profile has now been deleted? eselect profile list; eselect profile set XYZ ... |
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Sat Jan 31, 2015 12:19 am Post subject: |
|
|
GHOST is the least of your problems right now. |
|
Back to top |
|
|
Jaglover Watchman
Joined: 29 May 2005 Posts: 8291 Location: Saint Amant, Acadiana
|
|
Back to top |
|
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9679 Location: almost Mile High in the USA
|
Posted: Sat Jan 31, 2015 12:32 am Post subject: |
|
|
Ant P. wrote: | GHOST is the least of your problems right now. |
I'm sure he'll finally notice the hole he dug and freak out when he sees glsa-check return pages upon pages of vulnerabilities _________________ Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
Back to top |
|
|
F_ Tux's lil' helper
Joined: 31 Dec 2006 Posts: 142
|
Posted: Sat Jan 31, 2015 12:36 am Post subject: |
|
|
F_ wrote: | You should be fine. Take a look at the following bug list entries:
Versions prior to 2.20 are vulnerable to this issue.
Best Regards,
F_ |
Wow -- I totally missed that he was running 2.3..... not 2.30. Yeah, ctcp, you're definitely going to have to upgrade because you are about 27 versions of glibc behind. |
|
Back to top |
|
|
|