Author Topic: USN-2485-1: GNU C Library vulnerability  (Read 1627 times)

0 Members and 1 Guest are viewing this topic.

Offline wackou

Not to downplay it, this is a serious issue, but no need to panic as this should only affect "old" versions of libc, ie: < 2.18 (ubuntu 12.04, debian wheezy and older, see https://security-tracker.debian.org/tracker/CVE-2015-0235 for debian).

However, in order to compile the bitshares client you need a recent version of boost/cmake/etc. so you probably already have also a non-affected version of libc.

In any case, delegates should upgrade anyway and maintain their servers always up-to-date, that's the only way to stay reasonable secure (amongst other precautions, but staying up-to-date on security updates is the bare mininum...)
Please vote for witness wackou! More info at http://digitalgaia.io

Offline robrigo

All delegates should update their delegate nodes and be sure to restart bash, gdb, bitshares, python, etc.

You can check which processes are running the vulnerable libc by executing the following command after you update libc to the latest version.

Code: [Select]
lsof | grep libc | grep DEL | awk '{print $1}' | sort | uniq

This vulnerability has been in the wild since 2000!

Offline fuzzy

WhaleShares==DKP; BitShares is our Community! 
ShareBits and WhaleShares = Love :D