I just tested my Debian linode after an apt-get clean, update, dist-upgrade, and the test program says it is not vulnerable. The upgrade did install some glibc patches. However, I have glibc 2.13 running. Should I be concerned?

I found a c program on a site talking about the ghost issue and used it to test my system.
http://www.cyberciti.biz/faq/cve-2015-0235-patch-ghost-on-debian-ubuntu-fedora-centos-rhel-linux/

mark@swordfish:~/ghost-test$ ldd --version
ldd (Debian EGLIBC 2.13-38+deb7u7) 2.13

I am running Debian GNU/Linux 7 (wheezy).

Thanks,

Mark

On Wed, Jan 28, 2015 at 11:40 AM, Michael Butash <michael@butash.net> wrote:

Problem is I'm finding this morning all the hardware vendors that use linux under their os, which is pretty much all of them these days from a few $100k routers and switches to my dd-wrt box at home, even storage, firewalls, etc. Clients want a fix, now waiting on the vendors again. :\

Shellshock was the same way, some cases took weeks. Funny how my Cisco's and Arista's are vulnerable to things like shellshock, but my dd-wrt box wasn't. I don't think so lucky with this one though.

-mb

On 01/28/2015 10:35 AM, Michael Havens wrote:

From the mint forums:

Linux Mint 17, or in fact any distro with glibc newer than 2.17, wasn't vulnerable to this. (First ISO of Linux Mint 17 already shipped with glibc 2.19.)

:-)~MIKE~(-:

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss