Author |
Message |
greengeek

Joined: 20 Jul 2010 Posts: 4939 Location: Republic of Novo Zelande
|
Posted: Thu 18 Feb 2016, 14:14 Post subject:
|
|
Flash wrote: | What is the practical danger, that you could go to a URL without realizing it? |
The article that anikin linked above says: Quote: | Researchers have discovered a potentially catastrophic flaw in one of the Internet's core building blocks that leaves hundreds or thousands of apps and hardware devices vulnerable to attacks that can take complete control over them. | which makes it sound more serious than just a misplaced redirect.
Interesting that the RedHat fellas knew about it and didn't pass the info on to other Linux devs.
|
Back to top
|
|
 |
greengeek

Joined: 20 Jul 2010 Posts: 4939 Location: Republic of Novo Zelande
|
Posted: Thu 18 Feb 2016, 14:17 Post subject:
|
|
Dingo wrote: | ..so, puppy 3.01 with its GNU C Library stable release version 2.5 is secure? |
Do you have a 3.01 puppy iso that you could recommend?
|
Back to top
|
|
 |
rufwoof
Joined: 24 Feb 2014 Posts: 2253
|
Posted: Thu 18 Feb 2016, 17:02 Post subject:
|
|
Dingo wrote: | I remember I read that only GNU C Libraries since 2.9 are affected
so, puppy 3.01 with its
GNU C Library stable release version 2.5
is secure? |
Anything compiled with pre 2.9 GNU C libs would not have the flaw - but being relatively old could contain other flaws! Also, even though you might be running a pup compiled with pre 2.9 libs, other programs might have been compiled using 2.9 or later. Bitcoin, Teamviewer (not saying they have, just using them as possible examples).
|
Back to top
|
|
 |
6502coder

Joined: 23 Mar 2009 Posts: 446 Location: Western United States
|
Posted: Thu 18 Feb 2016, 19:42 Post subject:
|
|
Just guessing, but the claim that gazillions of programs are affected is probably counting programs that use the libc shared libraries. In that case, fixing the shared libs should generally "fix" the program. Programs that were statically compiled of course are SOL and would have to be recompiled.
|
Back to top
|
|
 |
jss83
Joined: 06 Jan 2015 Posts: 230
|
Posted: Fri 19 Feb 2016, 14:31 Post subject:
|
|
What deb files for tahrpup? I can't find them.
|
Back to top
|
|
 |
anikin
Joined: 10 May 2012 Posts: 982
|
Posted: Fri 19 Feb 2016, 16:43 Post subject:
|
|
jss83 wrote: | What deb files for tahrpup? I can't find them. | Look here:
http://packages.ubuntu.com/trusty/libc-bin
http://packages.ubuntu.com/trusty/libc6
|
Back to top
|
|
 |
jss83
Joined: 06 Jan 2015 Posts: 230
|
Posted: Sat 20 Feb 2016, 03:05 Post subject:
|
|
Thanks
|
Back to top
|
|
 |
cimarron

Joined: 30 May 2013 Posts: 293
|
Posted: Sat 20 Feb 2016, 10:35 Post subject:
|
|
All the computers on our network here sit behind a router running DD-WRT, which I'm told does not use glibc. And DNS lookups on all computers are directed through the router to OpenDNS servers. Apparently using OpenDNS avoids the glibc vulnerability:
https://engineering.opendns.com/2016/02/17/2980/
Anyone know enough about the problem to verify this?
|
Back to top
|
|
 |
Sky Aisling

Joined: 27 Jun 2009 Posts: 1200 Location: Port Townsend, WA. USA
|
Posted: Sat 20 Feb 2016, 16:13 Post subject:
Many Millions of Linux are affected by this security hole #2 Subject description: Glibc: Mega bug |
|
Here is some more information.
http://www.bbc.com/news/technology-35592916
(Article says bug may effect 1,000s of devices, more like millions of devices.)
|
Back to top
|
|
 |
gcmartin
Joined: 14 Oct 2005 Posts: 6730 Location: Earth
|
Posted: Mon 22 Feb 2016, 12:48 Post subject:
Serious disclosure of hacks built into distros Subject description: There is NO protection from this from any PUP developer |
|
Wrongly posted. MOVED!
_________________ Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engines or use DogPile
Last edited by gcmartin on Mon 22 Feb 2016, 12:52; edited 1 time in total
|
Back to top
|
|
 |
gcmartin
Joined: 14 Oct 2005 Posts: 6730 Location: Earth
|
Posted: Mon 22 Feb 2016, 12:51 Post subject:
Serious disclosure of hacks built into distros Subject description: There is NO protection from this from any PUP developer |
|
Wrongly posted. MOVED!
_________________ Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engines or use DogPile
|
Back to top
|
|
 |
LazY Puppy

Joined: 21 Nov 2014 Posts: 2007 Location: Germany
|
Posted: Mon 22 Feb 2016, 18:38 Post subject:
|
|
Many Millions and even more Millions of Humans are affected by these Security Holes:
1. A weak body / soft skin - can not resist blades, bullets, rockets or bombs.
2. A weak mind - can be corrupted and compromised by money / authorities.
3. A organ called: heart - can be switched on / off by a heavy punch on the chest.
4. Multiple veins overall inside the weak body - sometimes they can clog and then causing main system failure.
5. A complex brain structure - can have shortcuts and causing you having ticks (Tourette Syndrom) - in a lower case/level.
6. A complex brain structure - can have shortcuts and causing you cognitive disability but the Savant Syndrome - in a mid case/level.
7. A complex brain structure - can have shortcuts and causing you hearing voices telling you to commit murder or mass-murder - in a upper case/level.
These Security Holes (assuming there are more) have been existing for thousands of years, but there's still no security update available!
So what are you talking about here?
Does this mean Windows seems to be proprietary crap (sometimes) but GNU/Linux is open source crap? Will Humans then just be GOD's crap?
What is the benefit of the often highlighted security of GNU/Linux / Open Source, if nobody is watching the code for years or decades?
Note: who's bend to any kinds of network will surely going to die connected to such network! Maybe, one day, your network will lock you completely out of your home.
_________________ RSH
"you only wanted to work your Puppies in German", "you are a separatist in that you want Germany to secede from Europe" (musher0)
No, but I gave my old drum kit away for free to a music store collecting instruments for refugees! 
|
Back to top
|
|
 |
Burn_IT

Joined: 12 Aug 2006 Posts: 3010 Location: Tamworth UK
|
Posted: Mon 22 Feb 2016, 18:48 Post subject:
|
|
Linux bugs are obviously superior bugs since they are open source! and tested by so many people.
_________________ "Just think of it as leaving early to avoid the rush" - T Pratchett
|
Back to top
|
|
 |
musher0

Joined: 04 Jan 2009 Posts: 12082 Location: Gatineau (Qc), Canada
|
Posted: Sun 28 Feb 2016, 08:54 Post subject:
|
|
Burn_IT wrote: | Linux bugs are obviously superior bugs since they are open source! and tested by so many people. |
Why, of course we have superior bugs ! Ha!
_________________ musher0
~~~~~~~~~~
"Logical entities must not be multiplied beyond necessity." | |
« Il ne faut pas multiplier les entités logiques sans nécessité. » (Ockham)
|
Back to top
|
|
 |
mcradventures
Joined: 25 Jan 2017 Posts: 10
|
Posted: Fri 27 Jan 2017, 18:34 Post subject:
|
|
So, is the latest Slacko vulnerable?
|
Back to top
|
|
 |
|