similar to: CVE-2015-0235 - glibc gethostbyname

On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote: > On 28/01/15 04:47, Always Learning wrote: >> >> Saw this on the Exim List:- >> > <SNIP> >> >> I use Exim on C5 and C6 - should I be worried about Exim on C6 ? >> > > upstream references: > https://rhn.redhat.com/errata/RHSA-2015-0092.html When I read this I read that it is fixed in

Packages are being built for CentOS 5, 6 & 7 at the moment: https://twitter.com/CentOS/status/560128242682966017 & https://twitter.com/CentOS/status/560138182441070592 On 27 January 2015 at 20:22, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > > On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote: > > On 28/01/15 04:47, Always Learning wrote: > >> >

On Tue, January 27, 2015 2:35 pm, Thomas Eriksson wrote: > On 01/27/2015 12:22 PM, Valeri Galtsev wrote: >> >> On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote: >>> On 28/01/15 04:47, Always Learning wrote: >>>> >>>> Saw this on the Exim List:- >>>> >>> <SNIP> >>>> >>>> I use Exim on C5 and C6 -

On 01/27/2015 12:22 PM, Valeri Galtsev wrote: > > On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote: >> On 28/01/15 04:47, Always Learning wrote: >>> >>> Saw this on the Exim List:- >>> >> <SNIP> >>> >>> I use Exim on C5 and C6 - should I be worried about Exim on C6 ? >>> >> >> upstream references:

On 28/01/15 04:47, Always Learning wrote: > > Saw this on the Exim List:- > <SNIP> > > I use Exim on C5 and C6 - should I be worried about Exim on C6 ? > upstream references: https://rhn.redhat.com/errata/RHSA-2015-0092.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 Note that in the openwall.com URL you provided

All, Please excuse any ignorance in this e-mail as I am not a RH/CentOS/Fedora user and may blunder my way through the correct terminology for my request. I'm tasked with reconstructing the CentOS version of the GlibC library for testing with gethostbyname(). My mission is to show that we are not affected by the latest exploit for the product we are shipping targeted for RHEL and CentOS.

----- Original Message ----- > From: "Simon Banton" <centos at web.org.uk> > To: "CentOS mailing list" <centos at centos.org> > Sent: Wednesday, January 28, 2015 6:10:34 AM > Subject: Re: [CentOS] CVE-2015-0235 - glibc gethostbyname > > Hi, > > For reasons which are too tiresome to bore you all with, I have an > obligation to look after

Hi, For reasons which are too tiresome to bore you all with, I have an obligation to look after a suite of legacy CentOS 4.x systems which cannot be migrated upwards. I note on https://access.redhat.com/articles/1332213 the following comment from a RHN person: >We are currently working on and testing errata for RHEL 4, we will >post an update for it as soon as it's ready. Thank

> > I'm tasked with reconstructing the CentOS version of the GlibC library for testing with > > gethostbyname(). My mission is to show that we are not affected by the latest exploit for > > the product we are shipping targeted for RHEL and CentOS. To do so, I want to equip > > gethostbyname() with additional code. > > Do you plan on shipping this updated glibc

On 03/02/2015 11:00 AM, Johnny Hughes wrote: > On 03/02/2015 10:38 AM, ANDY KENNEDY wrote: >>>> I'm tasked with reconstructing the CentOS version of the GlibC library for testing with >>>> gethostbyname(). My mission is to show that we are not affected by the latest exploit for >>>> the product we are shipping targeted for RHEL and CentOS. To do so, I

On 02/27/2015 12:49 PM, ANDY KENNEDY wrote: > All, > > Please excuse any ignorance in this e-mail as I am not a RH/CentOS/Fedora user and may > blunder my way through the correct terminology for my request. No problem. > I'm tasked with reconstructing the CentOS version of the GlibC library for testing with > gethostbyname(). My mission is to show that we are not affected

CentOS Errata and Security Advisory 2015:0016 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0016.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 24e8a54841d2f60b571da54c41c8b5e90713c920aa6b8d5fea15f4c59028393d glibc-2.12-1.149.el6_6.4.i686.rpm

Package: xen Severity: grave Tags: security Please see http://www.openwall.com/lists/oss-security/2012/07/26/4 Cheers, Moritz

Hi. I had working Exim 4.71 and Dovecot 1.2.9 SASL configuration on Ubuntu Lucid, but needed some features from dovecot2, so I installed 2.0.13 from https://launchpad.net/~carsten-uppenbrink-net/+archive/dovecot2 . Now I get Subj error while trying to authenticate via dovecot auth-client socket. However IMAP auth works fine with 2.0.13 and smtp auth worked fine until upgrade, so I think

Hi, I've launched a "yum upgrade" command on a CentOS6 laptop which has updated nearly 600 packages. Automatic updates were not working because of a conflict on a package. So the laptop is now uptodate but the camera did not works after this. The message is: kernel: uvcvideo: Failed to query (GET_DEF) UVC control 6 on unit 2: -110 (exp. 2). The camera is detected as USB,

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3515 / XSA-17 version 2 Qemu VT100 emulation vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The device model used by fully virtualised (HVM) domains, qemu, does not properly handle escape VT100

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3515 / XSA-17 version 2 Qemu VT100 emulation vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The device model used by fully virtualised (HVM) domains, qemu, does not properly handle escape VT100

Hi, Lately, the system log on my CentOS 5 box, with all the latest updates, have started filling up with messages of the form: Jan 24 09:47:26 i58524 rpc.statd[3452]: gethostbyname error for i58524 Jan 24 09:47:26 i58524 rpc.statd[3452]: STAT_FAIL to i58524 for SM_MON of 10.30.39.59 Jan 24 09:47:26 i58524 kernel: lockd: cannot monitor 10.30.39.59 It does not seem like there is really anything

> Ok, I've just checked doing the same thing under windows. > > The test(ripdaveno is the name of the Computer I tested on): > > { > ... > hostent* h = gethostbyname("ripdaveno"); > char* str = inet_ntoa(*((in_addr*)h->h_addr_list[0])); > ... > } > > The string in str was "192.168.2.75" which is my Network IP-Adress. With >

So just a quick note: Dovecot in general doesn't do DNS lookups, except the ones in configuration files and such. So I don't think there are any Dovecot setups which do DNS lookups for untrusted hostnames. Also, gethostbyname() is used only if IPv6 support isn't compiled into Dovecot. And IPv6 support is enabled by default if the libc is detected to support it, so pretty much all