BitShares Forum
Main => Stakeholder Proposals => Topic started by: fuzzy on January 27, 2015, 11:06:17 pm
-
http://www.ubuntu.com/usn/usn-2485-1/
Is this on anyone's radar?
-
All delegates should update their delegate nodes and be sure to restart bash, gdb, bitshares, python, etc.
You can check which processes are running the vulnerable libc by executing the following command after you update libc to the latest version.
lsof | grep libc | grep DEL | awk '{print $1}' | sort | uniq
This vulnerability has been in the wild since 2000!
-
Not to downplay it, this is a serious issue, but no need to panic as this should only affect "old" versions of libc, ie: < 2.18 (ubuntu 12.04, debian wheezy and older, see https://security-tracker.debian.org/tracker/CVE-2015-0235 for debian).
However, in order to compile the bitshares client you need a recent version of boost/cmake/etc. so you probably already have also a non-affected version of libc.
In any case, delegates should upgrade anyway and maintain their servers always up-to-date, that's the only way to stay reasonable secure (amongst other precautions, but staying up-to-date on security updates is the bare mininum...)