Mailinglist Archive: opensuse (1470 mails)

< Previous Next >
Re: [opensuse] Now what? Glibc bug, vulnerability
On Wed, Feb 17, 2016 at 08:47:55PM +0100, MarkusGMX wrote:
Am 17/02/16 um 19:56 schrieb Greg Freemyer:
On Wed, Feb 17, 2016 at 12:00 AM, Stevens <fred-n-sandy@xxxxxxxxxxxxxxx>
wrote:
Extremely severe bug leaves dizzying number of software and devices
vulnerable
Since 2008, vulnerability has left apps and hardware open to remote
hijacking.

by Dan Goodin - Feb 16, 2016

http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/

Now what?


I read that article. It's not clear if an exploit other than crashing
a piece of software has been developed.

Does anyone know if an exploit that allows remote access to data is
possible? You may remember the heartbleed exploit allowed random bits
of RAM to be accessed. By doing that thousands of times an attacker
was often able to get private security keys that were in RAM. That's
the sort of known exploit I'm asking about.

Thanks
Greg



Which OpenSuSE versions will get a fix for CVE-2015-7547 and when?

Leap has received the update this morning.

13.2 is still building due to secondary architectures (ppc, aarch64) being slow.

A Tumbleweed request is also open, unclear how fast it will pass through the
integration infrastructure.

Ciao, MArcus
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >