Re: [tlug] Chasing the GHOST in my machine

[Brandon Merjil <bmerjil@example.com>]

Hi all,
So I have done a test with my Centos sandbox environment.
Using lsof, I pulled up the libraries in use by the package that was to be replaced.
I then ran the update.
Immediately, any binary that was not in use was removed from memory to release the library, and any that were active restarted with the new library and attached to a new node.
YMMV, but it seems to me that since Linux loads libraries in memory instead of locking the file, there should not be an issue.

- Brandon

On Jan 30, 2015 3:42 PM, "Jens Oliver John" <lists@example.com> wrote:

On Fri, Jan 30, 2015 at 08:31:36AM +0900, CL wrote:
> Is there a simple way to tell whether I have the patched version or still need
> to do something more (like download and run 2.19 from a Sid repository)?

https://security-tracker.debian.org/tracker/CVE-2015-0235 tells you exactly
which versions are fixed and which are not. For GHOST/CVE-2015-0235,
2.13-38+deb7u7 is marked as 'fixed'.

Best regards,
Jens.

--
To unsubscribe from this mailing list,
please see the instructions at http://lists.tlug.jp/list.html

The TLUG mailing list is hosted by ASAHI Net, provider of mobile and
fixed broadband Internet services to individuals and corporations.
Visit ASAHI Net's English-language Web page: http://asahi-net.jp/en/