oss-sec mailing list archives
workaround for GHOST glibc vulnerability CVE-2015-0235
From: Constantine Shulyupin <const () makelinux com>
Date: Mon, 2 Feb 2015 16:52:18 +0200
CVE-2015-0235-workaround is a shared library wrapper with additional checks for the vulnerable functions gethostbyname2_r and gethostbyname_r . The proper solution for CVE-2015-0235 is to upgrade glibc to at least glibc-2.18. In some cases, an immediate glibc upgrade is not possible, for example in custom production embedded systems, because such an upgrade requires a validation of the whole system. In such cases, this workaround provides a hot fix solution, which is easier to validate. Source code: https://github.com/makelinux/CVE-2015-0235-workaround -- Constantine Shulyupin http://www.MakeLinux.com/ Embedded Linux Systems and Device Drivers
Current thread:
- workaround for GHOST glibc vulnerability CVE-2015-0235 Constantine Shulyupin (Feb 02)
- Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Florian Weimer (Feb 03)
- Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Constantine Shulyupin (Feb 03)
- Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Qualys Security Advisory (Feb 03)
- Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Florian Weimer (Feb 03)