Many Millions of Linux are affected by this security hole #2

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#16 Post by greengeek »

Flash wrote: What is the practical danger, that you could go to a URL without realizing it?
The article that anikin linked above says:
"Researchers have discovered a potentially catastrophic flaw in one of the Internet's core building blocks that leaves hundreds or thousands of apps and hardware devices vulnerable to attacks that can take complete control over them."
which makes it sound more serious than just a misplaced redirect.

Interesting that the RedHat fellas knew about it and didn't pass the info on to other Linux devs.

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#17 Post by greengeek »

Dingo wrote:..so, puppy 3.01 with its GNU C Library stable release version 2.5 is secure?
Do you have a 3.01 puppy iso that you could recommend?

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#18 Post by rufwoof »

Dingo wrote: I remember I read that only GNU C Libraries since 2.9 are affected so, puppy 3.01 with its GNU C Library stable release version 2.5 is secure?
Anything compiled with pre 2.9 GNU C libs would not have the flaw - but being relatively old could contain other flaws! Also, even though you might be running a pup compiled with pre 2.9 libs, other programs might have been compiled using 2.9 or later. Bitcoin, Teamviewer (not saying they have, just using them as possible examples).

6502coder
Posts: 677
Joined: Mon 23 Mar 2009, 18:07
Location: Western United States

#19 Post by 6502coder »

Just guessing, but the claim that gazillions of programs are affected is probably counting programs that use the libc shared libraries. In that case, fixing the shared libs should generally "fix" the program. Programs that were statically compiled of course are SOL and would have to be recompiled.
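
The distinction drawn in the posts above (programs that load the shared libc get the fix when the library is updated, statically compiled ones do not) can be checked per binary. The following is an added example, not part of the original posts: it reads the ELF program headers and classifies a file by whether it requests a runtime loader. The names `elf_link_type` and `make_sample` are made up for this illustration, and the sample image is constructed.

```python
import struct
import sys

PT_DYNAMIC, PT_INTERP = 2, 3  # program header types from the ELF specification

def elf_link_type(data: bytes) -> str:
    """Classify an ELF image by how it gets its libc.

    'dynamic'   - has PT_INTERP: shared libraries are loaded at run time, so
                  replacing the system libc changes the code the program runs.
    'static'    - neither PT_INTERP nor PT_DYNAMIC: library code is baked in
                  and only a rebuild replaces it.
    'no-interp' - PT_DYNAMIC only: a shared library or a static-PIE executable.
    """
    if len(data) < 6 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = {1: False, 2: True}.get(data[4])
    endian = {1: "<", 2: ">"}.get(data[5])
    if is64 is None or endian is None:
        raise ValueError("unknown ELF class or byte order")
    if len(data) < (0x40 if is64 else 0x34):
        raise ValueError("truncated ELF header")
    # e_phoff, e_phentsize and e_phnum sit at different offsets in ELF32/ELF64.
    if is64:
        (phoff,) = struct.unpack_from(endian + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(endian + "HH", data, 0x36)
    else:
        (phoff,) = struct.unpack_from(endian + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(endian + "HH", data, 0x2A)
    types = set()
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            raise ValueError("truncated program header table")
        types.add(struct.unpack_from(endian + "I", data, off)[0])  # p_type
    if PT_INTERP in types:
        return "dynamic"
    return "no-interp" if PT_DYNAMIC in types else "static"

def make_sample(ptypes):
    """Constructed little-endian ELF64 image holding only the given p_type values."""
    hdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # e_ident, 16 bytes
    hdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56,
                       len(ptypes), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. python3 check.py /usr/bin/* on the system
        with open(path, "rb") as fh:
            print(path, elf_link_type(fh.read()))
```
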

jss83

#20 Post by jss83 »

What deb files for tahrpup? I can't find them.

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#21 Post by anikin »

jss83 wrote:What deb files for tahrpup? I can't find them.
Look here:
http://packages.ubuntu.com/trusty/libc-bin
http://packages.ubuntu.com/trusty/libc6

jss83

#22 Post by jss83 »

anikin wrote:
jss83 wrote:What deb files for tahrpup? I can't find them.
Look here:
http://packages.ubuntu.com/trusty/libc-bin
http://packages.ubuntu.com/trusty/libc6
Thanks :)

cimarron
Posts: 292
Joined: Fri 31 May 2013, 01:57

#23 Post by cimarron »

All the computers on our network here sit behind a router running DD-WRT, which I'm told does not use glibc. And DNS lookups on all computers are directed through the router to OpenDNS servers. Apparently using OpenDNS avoids the glibc vulnerability:

https://engineering.opendns.com/2016/02/17/2980/

Anyone know enough about the problem to verify this?

Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA


#24 Post by Sky Aisling »

Here is some more information.

http://www.bbc.com/news/technology-35592916

(Article says bug may affect 1,000s of devices, more like millions of devices.)

gcmartin

Serious disclosure of hacks built into distros

#25 Post by gcmartin »

Wrongly posted. MOVED!
Last edited by gcmartin on Mon 22 Feb 2016, 16:52, edited 1 time in total.

gcmartin

Serious disclosure of hacks built into distros

#26 Post by gcmartin »

Wrongly posted. MOVED!

LazY Puppy
Posts: 1934
Joined: Fri 21 Nov 2014, 18:14
Location: Germany

#27 Post by LazY Puppy »

Many Millions and even more Millions of Humans are affected by these Security Holes:

1. A weak body / soft skin - cannot resist blades, bullets, rockets or bombs.
2. A weak mind - can be corrupted and compromised by money / authorities.
3. An organ called: heart - can be switched on / off by a heavy punch on the chest.
4. Multiple veins overall inside the weak body - sometimes they can clog and then causing main system failure.
5. A complex brain structure - can have shortcuts and causing you having ticks (Tourette Syndrome) - in a lower case/level.
6. A complex brain structure - can have shortcuts and causing you cognitive disability but the Savant Syndrome - in a mid case/level.
7. A complex brain structure - can have shortcuts and causing you hearing voices telling you to commit murder or mass-murder - in an upper case/level.

These Security Holes (assuming there are more) have been existing for thousands of years, but there's still no security update available!

So what are you talking about here?

Does this mean Windows seems to be proprietary crap (sometimes) but GNU/Linux is open source crap? Will Humans then just be GOD's crap?

What is the benefit of the often highlighted security of GNU/Linux / Open Source, if nobody is watching the code for years or decades?

Note: who's bend to any kinds of network will surely going to die connected to such network! Maybe, one day, your network will lock you completely out of your home. :lol:
RSH

"you only wanted to work your Puppies in German", "you are a separatist in that you want Germany to secede from Europe" (musher0) :lol:

No, but I gave my old drum kit away for free to a music store collecting instruments for refugees! :wink:

Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#28 Post by Burn_IT »

Linux bugs are obviously superior bugs since they are open source! and tested by so many people.
"Just think of it as leaving early to avoid the rush" - T Pratchett

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#29 Post by musher0 »

Burn_IT wrote:Linux bugs are obviously superior bugs since they are open source! and tested by so many people.

Why, of course we have superior bugs ! Ha! :twisted: ;)
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

mcradventures
Posts: 10
Joined: Wed 25 Jan 2017, 08:09

#30 Post by mcradventures »

So, is the latest Slacko vulnerable?
