Buffer overflow bug in GNU C's getaddrinfo()
Is this something that we need to worry about? Extremely severe bug leaves dizzying number of software and devices vulnerable http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying...
On Feb 17, 2016, at 10:44, MRAB <python@mrabarnett.plus.com> wrote:
> Is this something that we need to worry about?
>
> Extremely severe bug leaves dizzying number of software and devices vulnerable
> http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying...

Is there a workaround that Python and/or Python apps should be doing, or is this just a matter of everyone on glibc 2.9+ needs to update their glibc?
Does python.org serve any Python binaries that are statically linked with a vulnerable glibc? That seems to be the question. If not, it's up to the downstream distributions.

On Wed, Feb 17, 2016 at 12:09 PM, Andrew Barnert via Python-Dev <python-dev@python.org> wrote:
> On Feb 17, 2016, at 10:44, MRAB <python@mrabarnett.plus.com> wrote:
> > Is this something that we need to worry about?
> >
> > Extremely severe bug leaves dizzying number of software and devices vulnerable
> > http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying...
>
> Is there a workaround that Python and/or Python apps should be doing, or is this just a matter of everyone on glibc 2.9+ needs to update their glibc?
--
--Guido van Rossum (python.org/~guido)
On Wed, Feb 17, 2016 at 12:12 PM Andrew Barnert via Python-Dev <python-dev@python.org> wrote:
> On Feb 17, 2016, at 10:44, MRAB <python@mrabarnett.plus.com> wrote:
> > Is this something that we need to worry about?
> >
> > Extremely severe bug leaves dizzying number of software and devices vulnerable
> > http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying...
>
> Is there a workaround that Python and/or Python apps should be doing, or is this just a matter of everyone on glibc 2.9+ needs to update their glibc?

There are no workarounds that we could put within Python. People need to update their glibc and reboot. All *useful(*)* Linux distros have already released update packages.

All of the infrastructure running Linux needs the update applied and a reboot (I'm guessing our infrastructure peeps have already done that). But this also includes Linux buildbots run by our random set of buildbot donors.

-gps

(*) off topic: Raspbian Wheezy is apparently not on the useful list.
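
Added example, not part of the thread or of CPython: a Linux-only check for the "update and reboot" step, listing processes that still map a libc file that has since been replaced on disk. The function names and the sample `maps` text are constructed for illustration.

```python
import os
import re

# Basename of the C library itself: libc-2.19.so, libc.so.6 (not libcrypto, libcap)
_LIBC = re.compile(r"^libc[-.]\S*$")
_DELETED = " (deleted)"   # suffix the kernel adds when the mapped file was unlinked

def stale_libc_mappings(maps_text):
    """Return sorted paths of libc files that are mapped but gone from disk."""
    stale = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)          # sixth field is the pathname, if any
        if len(fields) < 6 or not fields[5].endswith(_DELETED):
            continue
        path = fields[5][:-len(_DELETED)]
        if _LIBC.match(os.path.basename(path)):
            stale.add(path)
    return sorted(stale)

def running_glibc():
    """glibc version string for this interpreter, or None when not on glibc."""
    try:
        return os.confstr("CS_GNU_LIBC_VERSION")
    except (ValueError, OSError, AttributeError):
        return None

def processes_needing_restart(proc="/proc"):
    """Map pid -> stale libc paths for every process we are allowed to read."""
    found = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "maps")) as fh:
                stale = stale_libc_mappings(fh.read())
        except OSError:                       # process exited, or not ours to read
            continue
        if stale:
            found[int(pid)] = stale
    return found

# Constructed sample of /proc/<pid>/maps content (not captured from a real host).
SAMPLE_MAPS = """\
7f1c2a000000-7f1c2a1bb000 r-xp 00000000 08:01 131 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f1c2a400000-7f1c2a420000 r-xp 00000000 08:01 140 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f1c2a600000-7f1c2a7bb000 r-xp 00000000 08:01 977 /lib/x86_64-linux-gnu/libc-2.19.so
7ffd5e000000-7ffd5e021000 rw-p 00000000 00:00 0 [stack]
7f1c2b000000-7f1c2b001000 rw-p 00000000 00:00 0
"""

if __name__ == "__main__":
    print("running on:", running_glibc())
    for pid, paths in sorted(processes_needing_restart().items()):
        print(pid, ", ".join(paths))
```

Run it as root to see every process; an unprivileged run only covers the caller's own processes. The version string alone does not show whether a distribution's patched build is installed, so the package manager remains the authority for that.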
participants (4): Andrew Barnert, Gregory P. Smith, Guido van Rossum, MRAB