Linux Lite Forums

General => Security & Bug Fixes => Topic started by: newtusmaximus on February 17, 2016, 06:45:53 AM

Title: Glibc: Mega bug may hit thousands of devices
Post by: newtusmaximus on February 17, 2016, 06:45:53 AM
http://www.bbc.co.uk/news/technology-35592916 (http://www.bbc.co.uk/news/technology-35592916)

Significance for LL users??
Title: Re: Glibc: Mega bug may hit thousands of devices
Post by: shaggytwodope on February 17, 2016, 07:30:01 AM
http://www.bbc.co.uk/news/technology-35592916 (http://www.bbc.co.uk/news/technology-35592916)

Significance for LL users??
While its generally just fine to pay attention to news in this field, it's rarely going to explain things in much detail. And be aware of  scare tactics to get more clicks/views.

But in this case, you'll want to check out https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-February/003305.html (https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-February/003305.html) And here for far more details on the extact issue reported in that article https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html


If security updates and warnings are of interest to you, I suggest checking out the related mailing lists. And never be afraid to ask or point out a new security issue of this scope. (Your favorite image viewer may not be the end of the world.)
Title: Re: Glibc: Mega bug may hit thousands of devices
Post by: avj on February 17, 2016, 10:11:35 AM
I recommend that everyone run install updates to get the fixed package shown on the link provided by  shaggytwodope.

I have, and can confirm that the package
Code: [Select]
libc6                           2.19-0ubuntu6.7 was updated.

According to the link you need to restart your system for it to complete the process.

Code: [Select]
It was discovered that the GNU C Library incorrectly handled receiving
responses while performing DNS resolution. A remote attacker could use this
issue to cause the GNU C Library to crash, resulting in a denial of
service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
  libc6                           2.21-0ubuntu4.1

Ubuntu 14.04 LTS:
  libc6                           2.19-0ubuntu6.7

Ubuntu 12.04 LTS:
  libc6                           2.15-0ubuntu10.13

After a standard system update you need to reboot your computer to make
all the necessary changes.
Title: Re: Glibc: Mega bug may hit thousands of devices
Post by: TMG1961 on February 17, 2016, 11:53:40 AM
Here also updated to latest version