This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: glibc-2.9 CVE-2015-7547 fix

From: Florian Weimer <fweimer at redhat dot com>
To: Darcy Watkins <dwatkins at sierrawireless dot com>
Cc: libc-help at sourceware dot org
Date: Fri, 11 Mar 2016 19:15:13 +0100
Subject: Re: glibc-2.9 CVE-2015-7547 fix
Authentication-results: sourceware.org; auth=none
References: <1457455604 dot 7751 dot 15 dot camel at sierrawireless dot com>

On 03/08/2016 05:46 PM, Darcy Watkins wrote:

> Someone who understands what is going on in this part of the library
> please comment to give me some insight, particularly if this change may
> be a bad idea for other reasons.

Are you actually dealing with an unpatched glibc 2.9?

That seems to be fairly unlikely because the resolver in that release
was fairly broken because it was the first one which had the parallel
lookup feature.

If it's in fact pristine 2.9, it is likely easier to go the other
direction and patch out the parallel lookup feature.

Florian

Follow-Ups:
- Re: glibc-2.9 CVE-2015-7547 fix
  - From: Darcy Watkins

References:
- glibc-2.9 CVE-2015-7547 fix
  - From: Darcy Watkins

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]