Critical glibc flaw

It seems there is a critical flaw in the glibc library used to compile C programs that can be used to execute malicious code on a remote machine.
The best way to be safe is to use C programs compiled only with safe versions of glibc or to set up your firewall to drop DNS UDP packets bigger than 512 bytes and to allow only 1024 bytes long TCP DNS replies.

Everything is detailed in this article: https://thehackernews.com/2016/02/glibc-linux-flaw.html


I just installed Yunohost over a fresh install of Debian 8. Is this still something to be concerned about, or has it been dealt with by updates at this stage?

It seems to me that glibc has now been patched and the new version has already been made available by all the major distros, so you’re fine 🙂
