Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 30 Jan 2015 11:54:49 +0100
From: linkbc02 <linkbc02@...look.com>
To: <oss-security@...ts.openwall.com>
Subject: R: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

|If you try upgrading glibc and the issue goes away, _that_ would be a
|reason to suspect relevance. 

Hi, already done


# rpm -q glibc 
glibc-2.12-1.132.el6_5.2.x86_64
glibc-2.12-1.132.el6_5.2.i686

# yum update glibc


# rpm -q glibc    
glibc-2.12-1.149.el6_6.5.x86_64
glibc-2.12-1.149.el6_6.5.i686



# /etc/init.d/dovecot restart


# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP ready.
1 login
00000000000000000000000000000000000000000000000000000000000000000000000000-c
utted-


BAD Error in IMAP command received by server.

* BAD Error in IMAP command received by server.


#dmesg doesn't show anymore segfault and core dump

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.