CRITICAL GNU/LINUX VULNERABILITY - Tails affected; prepare to update promptly; reboot required

https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

https://www.debian.org/security/2016/dsa-3481

/r/netsec discussion: https://www.reddit.com/r/netsec/comments/462xx0/glibc_getaddrinfo_stackbased_buffer_overflow/

The patch is already out for Debian and some other systems, but has not yet been patched in Tails (which is based on Debian). Other relevant systems, like Whonix and in most cases Qubes, are also affected, along with virtually all other GNU/Linux systems.

This is about as bad as a vulnerability gets. Because so many programs use glibc, including many daemons, it is strongly recommended to reboot to ensure the update is applied.

Don't be caught on the internet with this thing un-patched if you can help it.
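The reboot advice above rests on the fact that a process keeps executing the libc it loaded at start, even after the package is upgraded on disk. The following is an added example, not part of the original post: a shell sketch that lists processes still mapping a replaced libc, which Linux marks "(deleted)" in /proc/<pid>/maps. The function names are hypothetical and the libc file name pattern is an assumption.

```shell
#!/bin/sh
# Added example: find processes still executing a libc that was replaced on disk.
# Constructed sample of a /proc/<pid>/maps line for such a process:
#   7f10a0000000-7f10a01bb000 r-xp 00000000 08:01 1311 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)

# Print the distinct libc paths in one maps-format file ($1) that are mapped
# executable and whose backing file has been unlinked ("(deleted)").
stale_libc_mappings() {
    # maps fields: address perms offset dev inode pathname [(deleted)]
    awk '$2 ~ /x/ && $6 ~ "/libc[-.][^/]*so[^/]*$" && $NF == "(deleted)" { print $6 }' "$1" | sort -u
}

# Walk a proc-style tree (default /proc; another root can be passed for testing)
# and print "pid<TAB>command<TAB>path" for each process with a stale mapping.
list_stale_processes() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        dir=${maps%/maps}
        # Processes may exit or deny access mid-scan; ignore those errors.
        for lib in $(stale_libc_mappings "$maps" 2>/dev/null); do
            comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s\t%s\t%s\n' "${dir##*/}" "$comm" "$lib"
        done
    done
}

list_stale_processes "$@"
```

Run it as root to see other users' processes; anything it lists is still on the old library until that process is restarted or the machine is rebooted.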


Comments


[12 Points] None:

TOR OVER VPN TIME, WINDOWS 7 BROWSING INCOMING


[10 Points] xcoderbot1:

OP read the phrase "buffer overflow" and freaked out. In order for these functions to be exploitable, application services have to make use of them, and as the Debian analysis shows, they aren't. Also, the Linux dev clearly stated that the patch is to cover future vulnerabilities. Just run regular OS updates and you will be fine. People really need to take the time to read shit and think critically.


[7 Points] lordredvampire:

Run around in circles like a tard and screech like a fire alarm.


[4 Points] izzlvd:

This might not be so bad for Tails since Tor clients generally don't do direct DNS queries. Tor transports the hostname to the exit node, which resolves it for you.

Direct client-side DNS requests are routed through Tor's DNSPort (which might be vulnerable to the requesting application, depending on how Tor handles it), but most of Tails' preconfigured applications don't do this.


[2 Points] None:

So essentially anyone using Tails, even the more recent versions, could still be fucked, since they would be running the version of Debian before the patch?


[2 Points] None:

Sticky this shit


[2 Points] one_away:

ELI5 ?


[1 Points] chinathrowmeaway:

Bruh, I'm fucking stupid, someone explain this to me


[1 Points] fuckingnameshit:

Go steal code from OpenBSD, that usually solves the security problems.


[1 Points] porncatcher:

For people who don't understand.

http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/


[1 Points] GNAR-TheBarGoblin:

We should ALL move to Belize.


[1 Points] Tossingthislatertho:

Idk what any of that means.

  1. Is it safe for me to order through Tails?

  2. If not now, will I be able to soon?

