[SATLUG] glibc GHOST vulnerability - older glibc patches available?

David Salisbury david.salisbury at momentumweb.com
Fri Jan 30 11:27:42 CST 2015


Has anybody heard yet if GNU will be patching older versions of glibc, 
like they did with bash re: shellshock, in light of this recently 
published glibc vulnerability (http://www.kb.cert.org/vuls/id/967332)?  
I've got a particular older box that can't easily be upgraded with 
packages and needs to be patched manually.

The original patch that fixed things in the modern glibc version line 
back in 2013 can be found here:
https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd

But there are lots of changes to the affected files over the years that 
would have to be added and those changes could obviously affect other 
things related to older glibc if things outside the digits_dots.c file 
had changed.

I wonder if there's a simple patch that has been/could be done to the 
__nss_hostname_digits_dots() function for older glibc versions??
-David



More information about the SATLUG mailing list