Discussion:
[srobo-devel] No v6 in saffron til further notice
Jeremy Morse
2016-02-16 17:00:56 UTC
Hi,

CVE-2015-7547 was just announced, a glibc stack overflow in getaddrinfo.
It looks like everyone who might ever look closely at a v6 socket is
vulnerable, and there are no immediate patches for Fedora 22. I've
disabled v6 on saffron for now, and it'll stay off until patched
packages become available.

More info:
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

https://isc.sans.edu/forums/diary/CVE20157547+Critical+Vulnerability+in+glibc+getaddrinfo/20737/

--
Thanks,
Jeremy
--
You received this message because you are subscribed to the Google Groups "Student Robotics Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to srobo-devel+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Rob Spanton
2016-02-16 17:14:57 UTC
Post by Jeremy Morse
CVE-2015-7547 was just announced, a glibc stack overflow in getaddrinfo.
It looks like everyone who might ever look closely at a v6 socket is
vulnerable, and there are no immediate patches for Fedora 22. I've
disabled v6 on saffron for now, and it'll stay off until patched
packages become available.
Those packages should be available soon:
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0480defc94

Cheers,

Rob
Jeremy Morse
2016-02-16 17:23:44 UTC
Hi,

It turns out that disabling v6 is ineffective, according to the email I
linked to. saffron is now dropping outbound TCP on port 53 and dropping
UDP port 53 packets over 512 bytes, as recommended in that email.

--
Thanks,
Jeremy
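
The filtering policy described in the message above, modelled as an added example (not part of the original thread, and not saffron's actual firewall configuration): a Python function that applies the two rules to raw IPv4 packets. It assumes the 512-byte limit refers to the UDP payload and that the UDP rule applies in either direction; `verdict` and `sample` are hypothetical names and the packets are constructed.

```python
import struct

DNS_PORT = 53
MAX_UDP_DNS = 512  # byte limit quoted in the email; assumed to mean the UDP payload

def verdict(packet: bytes, outbound: bool) -> str:
    """Return "DROP" or "ACCEPT" for one raw IPv4 packet under the policy above."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "ACCEPT"                      # not IPv4: outside this sketch
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    l4 = packet[ihl:]
    if frag_offset or len(l4) < 8:
        return "ACCEPT"                      # later fragment: no port numbers to match
    sport, dport, udp_len = struct.unpack("!HHH", l4[:6])
    proto = packet[9]
    if proto == 6 and outbound and dport == DNS_PORT:
        return "DROP"                        # outbound TCP to port 53
    if proto == 17 and DNS_PORT in (sport, dport) and udp_len - 8 > MAX_UDP_DNS:
        return "DROP"                        # UDP length field covers its 8-byte header
    return "ACCEPT"

def sample(proto, sport, dport, payload_len=0, frag_offset=0) -> bytes:
    """Build a constructed IPv4 packet (checksums left as zero) for the checks."""
    if proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0) + bytes(payload_len)
    else:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, frag_offset, 64,
                     proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return ip + l4

if __name__ == "__main__":
    for label, pkt, out in [
        ("outbound TCP/53", sample(6, 40000, 53), True),
        ("UDP/53 reply, 512 bytes", sample(17, 53, 40000, 512), False),
        ("UDP/53 reply, 513 bytes", sample(17, 53, 40000, 513), False),
    ]:
        print(label, "->", verdict(pkt, out))
```

The size rule matches on the UDP header's own length field, so an oversized datagram is caught at its first fragment; a filter that matches on IP packet length instead has to allow for the IP and UDP header bytes on top of the 512.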
Rob Spanton
2016-02-17 23:44:49 UTC
Post by Rob Spanton
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0480defc94
This is now available.  srobo.org will go down for a few minutes now whilst I
perform the update.

Cheers,

Rob