Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

If you don't have an account yet, visit the registration page to sign up.

If you already have an account, you may login here:

Today's Big Story

5 Windows-Like Linux Distros You Should Try Out

LXer Features

Linux That's Small

Encryption, Trust, and the Hidden Dangers of Vendor-Controlled Data

My Linux Mint Tribute

How I Turned My Chromebook Into A "Mintbook"

Adventures With My New Chromebook

My Linux Laptop

Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Publish it here.

DaniWeb Linux Community
An exciting professional discussion group about software development, php, shell scripting, networking, ruby, and more.

Latest Discussions

Anyone remember Distrotest.net? I found a new one!

Site Menu

Other News

- LWN.net
Their weekly coverage of Linux news is unmatched in this community.

- LinuxGizmos.com
Excellent news for embedded Linux.

- LinuxQuestions.org
Discussion forums for Linux users.

LinuxQuestions.org is a friendly and active Linux Community with forums, reviews, a hardware compatibility list, a wiki, tutorials, a download site, a podcast and more.

Neither is any Linux system that has its security patches up

Story: FreeBSD, Variants Not Affected by Recent GNU Bug

Total Replies: 9

Author	Content
BFM Feb 18, 2016 11:50 PM EDT	By the time something like this recent glibc problem hits these and other pages the bugs have been patched. We run Scientific Linux, Fedora, and Mint in our shop. They have all been patched. I get really tired of of people trying to move uninformed users to their favored solution because of problems that no longer exist.
dotmatrix Feb 19, 2016 10:14 AM EDT	I'm not so sure there weren't already problems. The bug affected DNS queries, and I've noticed plenty of oddities in DNS queries in the last few days. Perhaps some of those problems were related to the bug as 'bad actors' tried to compromise unpatched systems. Since much of the Internet runs GNU/Linux -- that's an awful lot of servers. And there are also an awful lot of GNU/Linux consumer grade routers that may be affected. Most of those routers will probably remain unpatched and continue to be affected. Be sure to watch for news items in the next year or so about consumer routers being compromised due to this bug. The bug may also serve as a wake up call to start rolling out DNSSEC. A full DNSSEC resolver would check the crypto signatures and 'null' the bug's effect.
notbob Feb 19, 2016 11:22 AM EDT	> The bug affected DNS queries, and I've noticed plenty of oddities in DNS queries in the last few days. Is that why I've been getting LXer's provider's website instead of the official LXer site? Heck, fer three days I though LXer let its domain name expire and the site was gone. What's up with that?
seatex Feb 19, 2016 11:51 AM EDT	> Heck, fer three days I though LXer let its domain name expire and the site was gone. Same here, and I thought the same thing.
dotmatrix Feb 19, 2016 12:08 PM EDT	This particular website is troublesome with DNS problems. Since there is no encryption, all login usernames and paswords are transmitted in clear text. This is not the best way to do things, but I only login from my own network so it's unlikely that there are too many snoopers capturing my login information. However, if the DNS records have been redirected for a few hours or so -- that very well could mean that many logins at Lxer are now compromised. I don't want to tell people how to do things, but Lxer should really be using TLS to protect login information. If there is a problem with using StartSSL certs, Lets Encrypt certs work to encrypt the traffic - and that would be a start. On the up side, it's likely that Lxer is not a big target for compromise. However, I definitely wouldn't recommend logging in here using a public unencrypted wifi connection.
CFWhitman Feb 19, 2016 3:03 PM EDT	"And there are also an awful lot of GNU/Linux consumer grade routers that may be affected. Most of those routers will probably remain unpatched and continue to be affected. Be sure to watch for news items in the next year or so about consumer routers being compromised due to this bug." The vast majority of Linux based consumer routers use either uClibc or musl rather than glibc and are thus unaffected by this bug.
dotmatrix Feb 19, 2016 3:35 PM EDT	Well... I didn't look carefully through the list, but here's Cisco's statement: Much of it looks like commercial product. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc
JaseP Feb 19, 2016 5:42 PM EDT	Yeah,... This bug only affected full blown GNU distros for the most part (including full distros used in commercial grade routing equipment). All embedded devices, including Android, were unaffected. It's once again "much ado about nothing."
jdixon Feb 22, 2016 12:14 AM EDT	Slackware's version of glibc isn't affected. There are sometimes advantages to not using the latest and greatest.
CFWhitman Feb 22, 2016 3:01 PM EDT	If you scroll down in the Cisco page to where it lists a chart of vulnerable products and hit "More..." it also gives a list of products confirmed not to be vulnerable, which is longer. By what you said I think you may have already noticed that the products listed as vulnerable are heavier duty products that do extra server or media related tasks, and thus use a heavier distribution of Linux which has glibc. That is, products aimed at businesses are more likely to have the vulnerability than consumer grade products (and, coincidentally, more likely to receive a patch).

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software