On 06/10/2015 06:28 AM, Carlos E. R. wrote:
On 2015-06-10 06:04, Lew Wolfgang wrote:
On 06/09/2015 08:14 PM, Carlos E. R. wrote:
Why then wouldn't glibc get updated? Was it backported, or are the vulnerabilities still there in 13.1? It looks to me that the patch for 13.1 is patch openSUSE-2015-383=1, producing glibc-2.18-4.32.1 and glibc-32bit-2.18-4.32.2 (and that's what I have installed).
And it covers the same issues as published in the tenable link, it is that patch.
As far as I can see, glibc was updated. Possibly Tenable is confused with glibc-32bit and other rpms, which are version 2.18-4.32.2. I don't think they should be looking at that last digit.
Thanks Carlos, I also think Tenable is "confused" about the version numbers. This is similar to confusion they have with the bash version that fixed the ShellShock vulnerabilities for 13.2 last September. I'll use your response in my mitigation write-up for the Tenable finding. BTW, all this monkey-motion is being caused by the "Information Assurance" bureaucrats in certain sectors who favour process over performance. As silly as much of it is, Information Assurance is the New Black, and we need to prepare to greet our new overlords. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org