Re: glibc bug - time to patch

2015-01-28 Thread Gene Heskett
On Wednesday 28 January 2015 09:29:42 Lisi Reisz did opine And Gene did reply: > On Wednesday 28 January 2015 14:27:18 Lisi Reisz wrote: > > On Wednesday 28 January 2015 13:25:20 i...@thargoid.co.uk wrote: > > > On 2015-01-28 12:27, Peter Viskup wrote: > > > > before considering downtimes and patch

Re: glibc bug - time to patch

2015-01-28 Thread Lisi Reisz
On Wednesday 28 January 2015 14:31:23 Jochen Spieker wrote: > Lisi Reisz: > > On Wednesday 28 January 2015 13:25:20 i...@thargoid.co.uk wrote: > >>> https://www.debian.org/security/2015/dsa-3142 > >>> http://seclists.org/oss-sec/2015/q1/283 > >>> > >>> especially the second link mention network-fac

Re: glibc bug - time to patch

2015-01-28 Thread Jochen Spieker
Lisi Reisz: > On Wednesday 28 January 2015 13:25:20 i...@thargoid.co.uk wrote: >>> >>> https://www.debian.org/security/2015/dsa-3142 >>> http://seclists.org/oss-sec/2015/q1/283 >>> >>> especially the second link mention network-facing software which is not >>> vulnerable due to proper sanitizatio

Re: glibc bug - time to patch

2015-01-28 Thread Lisi Reisz
On Wednesday 28 January 2015 14:27:18 Lisi Reisz wrote: > On Wednesday 28 January 2015 13:25:20 i...@thargoid.co.uk wrote: > > On 2015-01-28 12:27, Peter Viskup wrote: > > > before considering downtimes and patching activities on production > > > servers > > > read these: > > > > > > http://secli

Re: glibc bug - time to patch

2015-01-28 Thread Lisi Reisz
On Wednesday 28 January 2015 13:25:20 i...@thargoid.co.uk wrote: > On 2015-01-28 12:27, Peter Viskup wrote: > > before considering downtimes and patching activities on production > > servers > > read these: > > > > https://www.debian.org/security/2015/dsa-3142 > > http://seclists.org/oss-sec/2015/q

Re: glibc bug - time to patch

2015-01-28 Thread iain
On 2015-01-28 12:27, Peter Viskup wrote: before considering downtimes and patching activities on production servers read these: https://www.debian.org/security/2015/dsa-3142 http://seclists.org/oss-sec/2015/q1/283 especially the second link mention network-facing software which is not vulnerab

Re: glibc bug - time to patch

2015-01-28 Thread Peter Viskup
before considering downtimes and patching activities on production servers read these: https://www.debian.org/security/2015/dsa-3142 http://seclists.org/oss-sec/2015/q1/283 especially the second link mention network-facing software which is not vulnerable due to proper sanitization out of glibc.

glibc bug - time to patch

2015-01-28 Thread iain
Hey all, For those that do not know about this yet, seems that glibc has a nasty bug in it that should probably be patched. Wheezy and squeeze vulnerable, but all you bleeding edge folk should be ok as Jessie and sid seems fine https://security-tracker.debian.org/tracker/CVE-2015-0235 Che