Displaying 20 results from an estimated 3000 matches similar to: "CVE-2015-0235 - glibc gethostbyname"
2015 Jan 27
4
CVE-2015-0235 - glibc gethostbyname
On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote:
> On 28/01/15 04:47, Always Learning wrote:
>>
>> Saw this on the Exim List:-
>>
> <SNIP>
>>
>> I use Exim on C5 and C6 - should I be worried about Exim on C6 ?
>>
>
> upstream references:
> https://rhn.redhat.com/errata/RHSA-2015-0092.html
When I read this I read that it is fixed in
2015 Jan 27
0
CVE-2015-0235 - glibc gethostbyname
Packages are being built for CentOS 5, 6 & 7 at the moment:
https://twitter.com/CentOS/status/560128242682966017 &
https://twitter.com/CentOS/status/560138182441070592
On 27 January 2015 at 20:22, Valeri Galtsev <galtsev at kicp.uchicago.edu>
wrote:
>
> On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote:
> > On 28/01/15 04:47, Always Learning wrote:
> >>
>
2015 Jan 27
2
CVE-2015-0235 - glibc gethostbyname
On Tue, January 27, 2015 2:35 pm, Thomas Eriksson wrote:
> On 01/27/2015 12:22 PM, Valeri Galtsev wrote:
>>
>> On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote:
>>> On 28/01/15 04:47, Always Learning wrote:
>>>>
>>>> Saw this on the Exim List:-
>>>>
>>> <SNIP>
>>>>
>>>> I use Exim on C5 and C6 -
2015 Jan 27
0
CVE-2015-0235 - glibc gethostbyname
On 01/27/2015 12:22 PM, Valeri Galtsev wrote:
>
> On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote:
>> On 28/01/15 04:47, Always Learning wrote:
>>>
>>> Saw this on the Exim List:-
>>>
>> <SNIP>
>>>
>>> I use Exim on C5 and C6 - should I be worried about Exim on C6 ?
>>>
>>
>> upstream references:
2015 Jan 27
0
CVE-2015-0235 - glibc gethostbyname
On 28/01/15 04:47, Always Learning wrote:
>
> Saw this on the Exim List:-
>
<SNIP>
>
> I use Exim on C5 and C6 - should I be worried about Exim on C6 ?
>
upstream references:
https://rhn.redhat.com/errata/RHSA-2015-0092.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
Note that in the openwall.com URL you provided
2015 Feb 27
7
Glibc sources?
All,
Please excuse any ignorance in this e-mail as I am not a RH/CentOS/Fedora user and may
blunder my way through the correct terminology for my request.
I'm tasked with reconstructing the CentOS version of the GlibC library for testing with
gethostbyname(). My mission is to show that we are not affected by the latest exploit for
the product we are shipping targeted for RHEL and CentOS.
2015 Jan 28
2
CVE-2015-0235 - glibc gethostbyname
----- Original Message -----
> From: "Simon Banton" <centos at web.org.uk>
> To: "CentOS mailing list" <centos at centos.org>
> Sent: Wednesday, January 28, 2015 6:10:34 AM
> Subject: Re: [CentOS] CVE-2015-0235 - glibc gethostbyname
>
> Hi,
>
> For reasons which are too tiresome to bore you all with, I have an
> obligation to look after
2015 Jan 28
0
CVE-2015-0235 - glibc gethostbyname
Hi,
For reasons which are too tiresome to bore you all with, I have an
obligation to look after a suite of legacy CentOS 4.x systems which
cannot be migrated upwards.
I note on https://access.redhat.com/articles/1332213 the following
comment from a RHN person:
>We are currently working on and testing errata for RHEL 4, we will
>post an update for it as soon as it's ready. Thank
2015 Mar 02
2
Glibc sources?
> > I'm tasked with reconstructing the CentOS version of the GlibC library for testing with
> > gethostbyname(). My mission is to show that we are not affected by the latest exploit for
> > the product we are shipping targeted for RHEL and CentOS. To do so, I want to equip
> > gethostbyname() with additional code.
>
> Do you plan on shipping this updated glibc
2015 Mar 02
2
Glibc sources?
On 03/02/2015 11:00 AM, Johnny Hughes wrote:
> On 03/02/2015 10:38 AM, ANDY KENNEDY wrote:
>>>> I'm tasked with reconstructing the CentOS version of the GlibC library for testing with
>>>> gethostbyname(). My mission is to show that we are not affected by the latest exploit for
>>>> the product we are shipping targeted for RHEL and CentOS. To do so, I
2015 Mar 01
0
Glibc sources?
On 02/27/2015 12:49 PM, ANDY KENNEDY wrote:
> All,
>
> Please excuse any ignorance in this e-mail as I am not a RH/CentOS/Fedora user and may
> blunder my way through the correct terminology for my request.
No problem.
> I'm tasked with reconstructing the CentOS version of the GlibC library for testing with
> gethostbyname(). My mission is to show that we are not affected
2015 Jan 07
0
CESA-2015:0016 Moderate CentOS 6 glibc Security Update
CentOS Errata and Security Advisory 2015:0016 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0016.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
24e8a54841d2f60b571da54c41c8b5e90713c920aa6b8d5fea15f4c59028393d glibc-2.12-1.149.el6_6.4.i686.rpm
2012 Jul 30
5
Bug#683279: CVE-2012-3432
Package: xen
Severity: grave
Tags: security
Please see
http://www.openwall.com/lists/oss-security/2012/07/26/4
Cheers,
Moritz
2011 Jun 28
3
Exim and Dovecot2 SASL: 435 Unable to authenticate at present
Hi. I had working Exim 4.71 and Dovecot 1.2.9 SASL configuration on
Ubuntu Lucid, but needed some features from dovecot2, so I installed
2.0.13 from
https://launchpad.net/~carsten-uppenbrink-net/+archive/dovecot2 . Now I
get Subj error while trying to authenticate via dovecot auth-client
socket. However IMAP auth works fine with 2.0.13 and smtp auth worked
fine until upgrade, so I think
2015 Jan 09
3
Camera doesn't works after "yum upgrade"
Hi,
I've launched a "yum upgrade" command on a CentOS6 laptop which has updated
nearly 600 packages. Automatic updates were not working because of a conflict on
a package.
So the laptop is now uptodate but the camera did not works after this. The
message is:
kernel: uvcvideo: Failed to query (GET_DEF) UVC control 6 on unit 2: -110 (exp. 2).
The camera is detected as USB,
2012 Sep 05
7
Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2012-3515 / XSA-17
version 2
Qemu VT100 emulation vulnerability
UPDATES IN VERSION 2
====================
Public release.
ISSUE DESCRIPTION
=================
The device model used by fully virtualised (HVM) domains, qemu, does
not properly handle escape VT100
2012 Sep 05
7
Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2012-3515 / XSA-17
version 2
Qemu VT100 emulation vulnerability
UPDATES IN VERSION 2
====================
Public release.
ISSUE DESCRIPTION
=================
The device model used by fully virtualised (HVM) domains, qemu, does
not properly handle escape VT100
2012 Jan 24
0
rpc.statd: gethostbyname error for ...
Hi,
Lately, the system log on my CentOS 5 box, with all the latest updates,
have started filling up with messages of the form:
Jan 24 09:47:26 i58524 rpc.statd[3452]: gethostbyname error for i58524
Jan 24 09:47:26 i58524 rpc.statd[3452]: STAT_FAIL to i58524 for SM_MON
of 10.30.39.59
Jan 24 09:47:26 i58524 kernel: lockd: cannot monitor 10.30.39.59
It does not seem like there is really anything
2005 Dec 13
0
Re: gethostbyname(my_name) and IL2-Sturmovik
> Ok, I've just checked doing the same thing under windows.
>
> The test(ripdaveno is the name of the Computer I tested on):
>
> {
> ...
> hostent* h = gethostbyname("ripdaveno");
> char* str = inet_ntoa(*((in_addr*)h->h_addr_list[0]));
> ...
> }
>
> The string in str was "192.168.2.75" which is my Network IP-Adress. With
>
2015 Jan 28
0
Dovecot & gethostbyname() vulnerability
So just a quick note:
Dovecot in general doesn't do DNS lookups, except the ones in configuration files and such. So I don't think there are any Dovecot setups which do DNS lookups for untrusted hostnames.
Also, gethostbyname() is used only if IPv6 support isn't compiled into Dovecot. And IPv6 support is enabled by default if the libc is detected to support it, so pretty much all