Date: Mon, 2 Feb 2015 16:52:18 +0200 From: Constantine Shulyupin <const@...elinux.com> To: oss-security@...ts.openwall.com Subject: workaround for GHOST glibc vulnerability CVE-2015-0235 CVE-2015-0235-workaround is a shared library wrapper with additional checks for the vulnerable functions gethostbyname2_r and gethostbyname_r . The proper solution for CVE-2015-0235 is to upgrade glibc to at least glibc-2.18. In some cases, an immediate glibc upgrade is not possible, for example in custom production embedded systems, because such an upgrade requires a validation of the whole system. In such cases, this workaround provides a hot fix solution, which is easier to validate. Source code: https://github.com/makelinux/CVE-2015-0235-workaround -- Constantine Shulyupin http://www.MakeLinux.com/ Embedded Linux Systems and Device Drivers
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.