Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 2 Feb 2015 16:52:18 +0200
From: Constantine Shulyupin <const@...elinux.com>
To: oss-security@...ts.openwall.com
Subject: workaround for GHOST glibc vulnerability CVE-2015-0235

CVE-2015-0235-workaround is a shared library wrapper with additional checks
for the vulnerable functions gethostbyname2_r and gethostbyname_r .

The proper solution for CVE-2015-0235 is to upgrade glibc to at least
glibc-2.18.

In some cases, an immediate glibc upgrade is not possible, for example in
custom production embedded systems, because such an upgrade requires a
validation of the whole system.

In such cases, this workaround provides a hot fix solution, which is easier
to validate.

Source code: https://github.com/makelinux/CVE-2015-0235-workaround


-- 
Constantine Shulyupin
http://www.MakeLinux.com/
Embedded Linux Systems
and Device Drivers

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ