If you operate a Linux-based computer system, especially a server, here’s something you will want to make sure you do if you haven’t done so in the past week: update. Last week, researchers at Google and Red Hat jointly announced a severe vulnerability that plagues glibc, aka: GNU C Library, which virtually every Linux install will have. If you updated within the past week, you’re likely safe, but if you’re not sure you patched this particular bug, run the updater again just to double-check. As usual it’s always better to be safe than sorry.
When the vulnerability was unveiled, it seemed as though control of the DNS server would be required to exploit it. Now, the same researchers are joined by Dan Kaminsky, Chief Scientist of White Ops and others to show that the bug can actually be exploited independently of the DNS server, making it a much more severe bug than originally believed.
Submitted by: Arnfried Walbrecht