28 Jan
2015
28 Jan
'15
7:20 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ahoj,
objevil se novy bug v knihovne glibc, prosim o update na Vasich VPSkach :))
Bug v glibc:
<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
<https://security-tracker.debian.org/tracker/CVE-2015-0235>https://security-tracker.debian.org/tracker/CVE-2015-0235
Clanek:
<http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/>http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/
Diky, Medved
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUyI2lAAoJEPT7B3rGVO3VsOsP/jo11DSxbgsWHGte6OQ2jJNI
9Y6AW+Hfx8xaT4aLZcRanvglklQGjqsTmP+NiKGSMnVM7yuZvX8Jt3yvGVaEqJD6
tn1Y8/Xad22lF4QJfnijfdSVogPAxN4MZbu/udsV+vcNjBoU5sk226q04Y4HlX5+
kXytFO4yBBhlqZFTjdkEsLte2aFfr44TtwwUP9Q1YdtBu88R+HovDnUoNMJRVEmG
R4rZVfPRRcICpnEPS6p+CtkocvB18nZkU8HaPFfHkSdcqBw1F4bQhCdT15ujzbhD
ECM0t31x/iwRL/4W2sABlAHtsUfHVU5/GGyiOPypHRaQLg84CZYVuhM1Au8O/rUY
qV4sg2q+fAbr0mn8lq3i9TO937R+oGNm54mpoYknnF5RLvvUaNYgQHjMClB60eOX
x7LP3WT+22Nvgo4HmCS7uJ9/xNlLHNtcklXOE7mNazzFxRGYiDzrLl/K2G+uUSS+
AZvGsQkmhq7d4IQJjHE5dE0v+8j5bVbZOJFS6by9yoNXMEl0Mx5WjcrNHYlKsacN
c0tjgtyezgUc8tq02EdsInZ2AWbvEvUWNLEr7Nd1jYB5UjK0LFBUZRiLQHVgFjtg
NrL7UVeelKSYXOd0rRBrZkAjfYo0ApYw6w86+cjorYy69Vacc1e4PBqMDFcqXYfV
sSI0MxapvNQMNtXFxgEM
=nG7c
-----END PGP SIGNATURE-----
28 Jan
28 Jan
9:21 a.m.
Podle všeho je "nový" skoro dva roky... :-(
Jiří Medvěd wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ahoj,
objevil se novy bug v knihovne glibc, prosim o update na Vasich VPSkach :))
Bug v glibc:
<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
<https://security-tracker.debian.org/tracker/CVE-2015-0235>https://security-tracker.debian.org/tracker/CVE-2015-0235
Clanek:
<http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/>http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/
Diky, Medved
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUyI2lAAoJEPT7B3rGVO3VsOsP/jo11DSxbgsWHGte6OQ2jJNI
9Y6AW+Hfx8xaT4aLZcRanvglklQGjqsTmP+NiKGSMnVM7yuZvX8Jt3yvGVaEqJD6
tn1Y8/Xad22lF4QJfnijfdSVogPAxN4MZbu/udsV+vcNjBoU5sk226q04Y4HlX5+
kXytFO4yBBhlqZFTjdkEsLte2aFfr44TtwwUP9Q1YdtBu88R+HovDnUoNMJRVEmG
R4rZVfPRRcICpnEPS6p+CtkocvB18nZkU8HaPFfHkSdcqBw1F4bQhCdT15ujzbhD
ECM0t31x/iwRL/4W2sABlAHtsUfHVU5/GGyiOPypHRaQLg84CZYVuhM1Au8O/rUY
qV4sg2q+fAbr0mn8lq3i9TO937R+oGNm54mpoYknnF5RLvvUaNYgQHjMClB60eOX
x7LP3WT+22Nvgo4HmCS7uJ9/xNlLHNtcklXOE7mNazzFxRGYiDzrLl/K2G+uUSS+
AZvGsQkmhq7d4IQJjHE5dE0v+8j5bVbZOJFS6by9yoNXMEl0Mx5WjcrNHYlKsacN
c0tjgtyezgUc8tq02EdsInZ2AWbvEvUWNLEr7Nd1jYB5UjK0LFBUZRiLQHVgFjtg
NrL7UVeelKSYXOd0rRBrZkAjfYo0ApYw6w86+cjorYy69Vacc1e4PBqMDFcqXYfV
sSI0MxapvNQMNtXFxgEM
=nG7c
-----END PGP SIGNATURE-----
_______________________________________________
Community-list mailing list
Community-list(a)lists.vpsfree.cz
http://lists.vpsfree.cz/listinfo/community-list
12:11 p.m.
V Wed, 28 Jan 2015 10:21:15 +0100
Jirka Bourek <trekker.dk(a)abclinuxu.cz> napsal:
Podle všeho je "nový" skoro dva roky... :-(
Aha, GHOST... Ano, to se teď bude hodně diskutovat... Dovolím si
ocitovat jednoho kolegu:
Qualys apparently wants to have it a big issue, so
they invented a code
word "GHOST", made a youtube video etc etc.
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-g…
Hlavně hodně humbuku. :-/
Petr T
Jiří Medvěd wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ahoj,
objevil se novy bug v knihovne glibc, prosim o update na Vasich VPSkach :))
Bug v glibc:
<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
<https://security-tracker.debian.org/tracker/CVE-2015-0235>https://security-tracker.debian.org/tracker/CVE-2015-0235
Clanek:
<http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/>http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/
Diky, Medved
_______________________________________________
Community-list mailing list
Community-list(a)lists.vpsfree.cz
http://lists.vpsfree.cz/listinfo/community-list -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUyI2lAAoJEPT7B3rGVO3VsOsP/jo11DSxbgsWHGte6OQ2jJNI
9Y6AW+Hfx8xaT4aLZcRanvglklQGjqsTmP+NiKGSMnVM7yuZvX8Jt3yvGVaEqJD6
tn1Y8/Xad22lF4QJfnijfdSVogPAxN4MZbu/udsV+vcNjBoU5sk226q04Y4HlX5+
kXytFO4yBBhlqZFTjdkEsLte2aFfr44TtwwUP9Q1YdtBu88R+HovDnUoNMJRVEmG
R4rZVfPRRcICpnEPS6p+CtkocvB18nZkU8HaPFfHkSdcqBw1F4bQhCdT15ujzbhD
ECM0t31x/iwRL/4W2sABlAHtsUfHVU5/GGyiOPypHRaQLg84CZYVuhM1Au8O/rUY
qV4sg2q+fAbr0mn8lq3i9TO937R+oGNm54mpoYknnF5RLvvUaNYgQHjMClB60eOX
x7LP3WT+22Nvgo4HmCS7uJ9/xNlLHNtcklXOE7mNazzFxRGYiDzrLl/K2G+uUSS+
AZvGsQkmhq7d4IQJjHE5dE0v+8j5bVbZOJFS6by9yoNXMEl0Mx5WjcrNHYlKsacN
c0tjgtyezgUc8tq02EdsInZ2AWbvEvUWNLEr7Nd1jYB5UjK0LFBUZRiLQHVgFjtg
NrL7UVeelKSYXOd0rRBrZkAjfYo0ApYw6w86+cjorYy69Vacc1e4PBqMDFcqXYfV
sSI0MxapvNQMNtXFxgEM
=nG7c
-----END PGP SIGNATURE-----
_______________________________________________
Community-list mailing list
Community-list(a)lists.vpsfree.cz
http://lists.vpsfree.cz/listinfo/community-list
1:03 p.m.
Tak ono je to živí, takže je humbuk samozřejmě v jejich zájmu.
Na druhou stranu pokud se jim povedlo získat shell tak, že postiženému
serveru poslali dobře vyrobený mail, tak možná humbuk neuškodí (otázka
samozřejmě je, co to bylo za server a jak byl nastavený)
Petr Tesařík wrote:
V Wed, 28 Jan 2015 10:21:15 +0100
Jirka Bourek <trekker.dk(a)abclinuxu.cz> napsal:
Podle všeho je "nový" skoro dva roky...
:-(
Aha, GHOST... Ano, to se teď bude hodně diskutovat... Dovolím si
ocitovat jednoho kolegu:
Qualys apparently wants to have it a big issue,
so they invented a code
word "GHOST", made a youtube video etc etc.
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-g…
Hlavně hodně humbuku. :-/
Petr T
Jiří Medvěd wrote:
_______________________________________________
Community-list mailing list
Community-list(a)lists.vpsfree.cz
http://lists.vpsfree.cz/listinfo/community-list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ahoj,
objevil se novy bug v knihovne glibc, prosim o update na Vasich VPSkach :))
Bug v glibc:
<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
<https://security-tracker.debian.org/tracker/CVE-2015-0235>https://security-tracker.debian.org/tracker/CVE-2015-0235
Clanek:
<http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/>http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/
Diky, Medved
_______________________________________________
Community-list mailing list
Community-list(a)lists.vpsfree.cz
http://lists.vpsfree.cz/listinfo/community-list -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUyI2lAAoJEPT7B3rGVO3VsOsP/jo11DSxbgsWHGte6OQ2jJNI
9Y6AW+Hfx8xaT4aLZcRanvglklQGjqsTmP+NiKGSMnVM7yuZvX8Jt3yvGVaEqJD6
tn1Y8/Xad22lF4QJfnijfdSVogPAxN4MZbu/udsV+vcNjBoU5sk226q04Y4HlX5+
kXytFO4yBBhlqZFTjdkEsLte2aFfr44TtwwUP9Q1YdtBu88R+HovDnUoNMJRVEmG
R4rZVfPRRcICpnEPS6p+CtkocvB18nZkU8HaPFfHkSdcqBw1F4bQhCdT15ujzbhD
ECM0t31x/iwRL/4W2sABlAHtsUfHVU5/GGyiOPypHRaQLg84CZYVuhM1Au8O/rUY
qV4sg2q+fAbr0mn8lq3i9TO937R+oGNm54mpoYknnF5RLvvUaNYgQHjMClB60eOX
x7LP3WT+22Nvgo4HmCS7uJ9/xNlLHNtcklXOE7mNazzFxRGYiDzrLl/K2G+uUSS+
AZvGsQkmhq7d4IQJjHE5dE0v+8j5bVbZOJFS6by9yoNXMEl0Mx5WjcrNHYlKsacN
c0tjgtyezgUc8tq02EdsInZ2AWbvEvUWNLEr7Nd1jYB5UjK0LFBUZRiLQHVgFjtg
NrL7UVeelKSYXOd0rRBrZkAjfYo0ApYw6w86+cjorYy69Vacc1e4PBqMDFcqXYfV
sSI0MxapvNQMNtXFxgEM
=nG7c
-----END PGP SIGNATURE-----
_______________________________________________
Community-list mailing list
Community-list(a)lists.vpsfree.cz
http://lists.vpsfree.cz/listinfo/community-list
2:41 p.m.
V Wed, 28 Jan 2015 14:03:03 +0100
Jirka Bourek <trekker.dk(a)abclinuxu.cz> napsal:
Tak ono je to živí, takže je humbuk samozřejmě v
jejich zájmu.
Na druhou stranu pokud se jim povedlo získat shell tak, že postiženému
serveru poslali dobře vyrobený mail, tak možná humbuk neuškodí (otázka
samozřejmě je, co to bylo za server a jak byl nastavený)
To nevím, ale vím tohle:
Here is a list of potential targets that we
investigated (they all
call gethostbyname, one way or another), but to the best of our
knowledge, the buffer overflow cannot be triggered in any of them:
apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,
nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd,
pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng,
tcp_wrappers, vsftpd, xinetd.
Petr T
Petr Tesařík wrote:
V Wed, 28 Jan 2015 10:21:15 +0100
Jirka Bourek <trekker.dk(a)abclinuxu.cz> napsal:
_______________________________________________
Community-list mailing list
Community-list(a)lists.vpsfree.cz
http://lists.vpsfree.cz/listinfo/community-list Podle všeho je "nový" skoro dva roky...
:-(
Aha, GHOST... Ano, to se teď bude hodně diskutovat... Dovolím si
ocitovat jednoho kolegu:
Qualys apparently wants to have it a big issue,
so they invented a code
word "GHOST", made a youtube video etc etc.
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-g…
Hlavně hodně humbuku. :-/
Petr T
Jiří Medvěd wrote:
_______________________________________________
Community-list mailing list
Community-list(a)lists.vpsfree.cz
http://lists.vpsfree.cz/listinfo/community-list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ahoj,
objevil se novy bug v knihovne glibc, prosim o update na Vasich VPSkach :))
Bug v glibc:
<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
<https://security-tracker.debian.org/tracker/CVE-2015-0235>https://security-tracker.debian.org/tracker/CVE-2015-0235
Clanek:
<http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/>http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/
Diky, Medved
_______________________________________________
Community-list mailing list
Community-list(a)lists.vpsfree.cz
http://lists.vpsfree.cz/listinfo/community-list -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUyI2lAAoJEPT7B3rGVO3VsOsP/jo11DSxbgsWHGte6OQ2jJNI
9Y6AW+Hfx8xaT4aLZcRanvglklQGjqsTmP+NiKGSMnVM7yuZvX8Jt3yvGVaEqJD6
tn1Y8/Xad22lF4QJfnijfdSVogPAxN4MZbu/udsV+vcNjBoU5sk226q04Y4HlX5+
kXytFO4yBBhlqZFTjdkEsLte2aFfr44TtwwUP9Q1YdtBu88R+HovDnUoNMJRVEmG
R4rZVfPRRcICpnEPS6p+CtkocvB18nZkU8HaPFfHkSdcqBw1F4bQhCdT15ujzbhD
ECM0t31x/iwRL/4W2sABlAHtsUfHVU5/GGyiOPypHRaQLg84CZYVuhM1Au8O/rUY
qV4sg2q+fAbr0mn8lq3i9TO937R+oGNm54mpoYknnF5RLvvUaNYgQHjMClB60eOX
x7LP3WT+22Nvgo4HmCS7uJ9/xNlLHNtcklXOE7mNazzFxRGYiDzrLl/K2G+uUSS+
AZvGsQkmhq7d4IQJjHE5dE0v+8j5bVbZOJFS6by9yoNXMEl0Mx5WjcrNHYlKsacN
c0tjgtyezgUc8tq02EdsInZ2AWbvEvUWNLEr7Nd1jYB5UjK0LFBUZRiLQHVgFjtg
NrL7UVeelKSYXOd0rRBrZkAjfYo0ApYw6w86+cjorYy69Vacc1e4PBqMDFcqXYfV
sSI0MxapvNQMNtXFxgEM
=nG7c
-----END PGP SIGNATURE-----
_______________________________________________
Community-list mailing list
Community-list(a)lists.vpsfree.cz
http://lists.vpsfree.cz/listinfo/community-list
3580
days inactive
3580
days old
community-list@lists.vpsfree.cz
4 comments
3 participants
participants (3)
-
Jirka Bourek -
Jiří Medvěd -
Petr Tesařík