Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 16 Jul 2018, 07:00
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Many Millions of Linux are affected by this security hole #2
Post new topic   Reply to topic View previous topic :: View next topic
Page 2 of 2 [30 Posts]   Goto page: Previous 1, 2
Author Message
greengeek


Joined: 20 Jul 2010
Posts: 5090
Location: Republic of Novo Zelande

PostPosted: Thu 18 Feb 2016, 14:14    Post subject:  

Flash wrote:
What is the practical danger, that you could go to a URL without realizing it?

The article that anikin linked above says:
Quote:
Researchers have discovered a potentially catastrophic flaw in one of the Internet's core building blocks that leaves hundreds or thousands of apps and hardware devices vulnerable to attacks that can take complete control over them.
which makes it sound more serious than just a misplaced redirect.

Interesting that the RedHat fellas knew about it and didn't pass the info on to other Linux devs.
Back to top
View user's profile Send private message 
greengeek


Joined: 20 Jul 2010
Posts: 5090
Location: Republic of Novo Zelande

PostPosted: Thu 18 Feb 2016, 14:17    Post subject:  

Dingo wrote:
..so, puppy 3.01 with its GNU C Library stable release version 2.5 is secure?


Do you have a 3.01 puppy iso that you could recommend?
Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2383

PostPosted: Thu 18 Feb 2016, 17:02    Post subject:  

Dingo wrote:
I remember I read that only GNU C Libraries since 2.9 are affected

so, puppy 3.01 with its

GNU C Library stable release version 2.5

is secure?

Anything compiled with pre 2.9 GNU C libs would not have the flaw - but being relatively old could contain other flaws! Also, even though you might be running a pup compiled with pre 2.9 libs, other programs might have been compiled using 2.9 or later. Bitcoin, Teamviewer (not saying they have, just using them as possible examples).
Back to top
View user's profile Send private message 
6502coder


Joined: 23 Mar 2009
Posts: 464
Location: Western United States

PostPosted: Thu 18 Feb 2016, 19:42    Post subject:  

Just guessing, but the claim that gazillions of programs are affected is probably counting programs that use the libc shared libraries. In that case, fixing the shared libs should generally "fix" the program. Programs that were statically compiled of course are SOL and would have to be recompiled.
Back to top
View user's profile Send private message 
jss83

Joined: 06 Jan 2015
Posts: 242

PostPosted: Fri 19 Feb 2016, 14:31    Post subject:  

What deb files for tahrpup? I can't find them.
Back to top
View user's profile Send private message 
anikin

Joined: 10 May 2012
Posts: 1020

PostPosted: Fri 19 Feb 2016, 16:43    Post subject:  

jss83 wrote:
What deb files for tahrpup? I can't find them.
Look here:
http://packages.ubuntu.com/trusty/libc-bin
http://packages.ubuntu.com/trusty/libc6
Back to top
View user's profile Send private message 
jss83

Joined: 06 Jan 2015
Posts: 242

PostPosted: Sat 20 Feb 2016, 03:05    Post subject:  

anikin wrote:
jss83 wrote:
What deb files for tahrpup? I can't find them.
Look here:
http://packages.ubuntu.com/trusty/libc-bin
http://packages.ubuntu.com/trusty/libc6


Thanks Smile
Back to top
View user's profile Send private message 
cimarron


Joined: 30 May 2013
Posts: 293

PostPosted: Sat 20 Feb 2016, 10:35    Post subject:  

All the computers on our network here sit behind a router running DD-WRT, which I'm told does not use glibc. And DNS lookups on all computers are directed through the router to OpenDNS servers. Apparently using OpenDNS avoids the glibc vulnerability:

https://engineering.opendns.com/2016/02/17/2980/

Anyone know enough about the problem to verify this?
Back to top
View user's profile Send private message 
Sky Aisling


Joined: 27 Jun 2009
Posts: 1200
Location: Port Townsend, WA. USA

PostPosted: Sat 20 Feb 2016, 16:13    Post subject: Many Millions of Linux are affected by this security hole #2
Subject description: Glibc: Mega bug
 

Here is some more information.

http://www.bbc.com/news/technology-35592916

(Article says bug may effect 1,000s of devices, more like millions of devices.)
Back to top
View user's profile Send private message 
gcmartin

Joined: 14 Oct 2005
Posts: 6730
Location: Earth

PostPosted: Mon 22 Feb 2016, 12:48    Post subject: Serious disclosure of hacks built into distros
Subject description: There is NO protection from this from any PUP developer
 

Wrongly posted. MOVED!
_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engines or use DogPile

Last edited by gcmartin on Mon 22 Feb 2016, 12:52; edited 1 time in total
Back to top
View user's profile Send private message 
gcmartin

Joined: 14 Oct 2005
Posts: 6730
Location: Earth

PostPosted: Mon 22 Feb 2016, 12:51    Post subject: Serious disclosure of hacks built into distros
Subject description: There is NO protection from this from any PUP developer
 

Wrongly posted. MOVED!
_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engines or use DogPile
Back to top
View user's profile Send private message 
LazY Puppy


Joined: 21 Nov 2014
Posts: 2007
Location: Germany

PostPosted: Mon 22 Feb 2016, 18:38    Post subject:  

Many Millions and even more Millions of Humans are affected by these Security Holes:

1. A weak body / soft skin - can not resist blades, bullets, rockets or bombs.
2. A weak mind - can be corrupted and compromised by money / authorities.
3. A organ called: heart - can be switched on / off by a heavy punch on the chest.
4. Multiple veins overall inside the weak body - sometimes they can clog and then causing main system failure.
5. A complex brain structure - can have shortcuts and causing you having ticks (Tourette Syndrom) - in a lower case/level.
6. A complex brain structure - can have shortcuts and causing you cognitive disability but the Savant Syndrome - in a mid case/level.
7. A complex brain structure - can have shortcuts and causing you hearing voices telling you to commit murder or mass-murder - in a upper case/level.

These Security Holes (assuming there are more) have been existing for thousands of years, but there's still no security update available!

So what are you talking about here?

Does this mean Windows seems to be proprietary crap (sometimes) but GNU/Linux is open source crap? Will Humans then just be GOD's crap?

What is the benefit of the often highlighted security of GNU/Linux / Open Source, if nobody is watching the code for years or decades?

Note: who's bend to any kinds of network will surely going to die connected to such network! Maybe, one day, your network will lock you completely out of your home. Laughing

_________________
RSH

"you only wanted to work your Puppies in German", "you are a separatist in that you want Germany to secede from Europe" (musher0) Laughing

No, but I gave my old drum kit away for free to a music store collecting instruments for refugees! Wink
Back to top
View user's profile Send private message 
Burn_IT


Joined: 12 Aug 2006
Posts: 3130
Location: Tamworth UK

PostPosted: Mon 22 Feb 2016, 18:48    Post subject:  

Linux bugs are obviously superior bugs since they are open source! and tested by so many people.
_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 12394
Location: Gatineau (Qc), Canada

PostPosted: Sun 28 Feb 2016, 08:54    Post subject:  

Burn_IT wrote:
Linux bugs are obviously superior bugs since they are open source! and tested by so many people.

Why, of course we have superior bugs ! Ha! Twisted Evil Wink

_________________
musher0
~~~~~~~~~~
Siempre será canción nueva... (V. Jara, Manifiesto)
Back to top
View user's profile Send private message 
mcradventures

Joined: 25 Jan 2017
Posts: 10

PostPosted: Fri 27 Jan 2017, 18:34    Post subject:  

So, is the latest Slacko vulnerable?
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 2 of 2 [30 Posts]   Goto page: Previous 1, 2
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1103s ][ Queries: 11 (0.0093s) ][ GZIP on ]