This is the mail archive of the
libc-help@sourceware.org
mailing list for the glibc project.
Re: glibc-2.9 CVE-2015-7547 fix
- From: Florian Weimer <fweimer at redhat dot com>
- To: Darcy Watkins <dwatkins at sierrawireless dot com>
- Cc: libc-help at sourceware dot org
- Date: Fri, 11 Mar 2016 19:15:13 +0100
- Subject: Re: glibc-2.9 CVE-2015-7547 fix
- Authentication-results: sourceware.org; auth=none
- References: <1457455604 dot 7751 dot 15 dot camel at sierrawireless dot com>
On 03/08/2016 05:46 PM, Darcy Watkins wrote:
> Someone who understands what is going on in this part of the library
> please comment to give me some insight, particularly if this change may
> be a bad idea for other reasons.
Are you actually dealing with an unpatched glibc 2.9?
That seems to be fairly unlikely because the resolver in that release
was fairly broken because it was the first one which had the parallel
lookup feature.
If it's in fact pristine 2.9, it is likely easier to go the other
direction and patch out the parallel lookup feature.
Florian