From rosuav at gmail.com  Wed Feb 17 17:38:24 2016
From: rosuav at gmail.com (Chris Angelico)
Date: Thu, 18 Feb 2016 09:38:24 +1100
Subject: [Python-buildbots] [Python-Dev] Buffer overflow bug in GNU C's
 getaddrinfo()
In-Reply-To: <CAGE7PNKyODxZWH4=jtLXbKJVoqb-+=QsRX1DuaMdGHRPcFbXkw@mail.gmail.com>
References: <56C4BF9C.7060607@mrabarnett.plus.com>
 <F65BEF51-E2A6-4D13-B9BB-4E7AD574F094@yahoo.com>
 <CAGE7PNKyODxZWH4=jtLXbKJVoqb-+=QsRX1DuaMdGHRPcFbXkw@mail.gmail.com>
Message-ID: <CAPTjJmpjdbZn0KYDC=XxKniUkR5nz7z84k8xKK5nXymMH-Xk=w@mail.gmail.com>

On Thu, Feb 18, 2016 at 8:46 AM, Gregory P. Smith <greg at krypto.org> wrote:
> On Wed, Feb 17, 2016 at 12:12 PM Andrew Barnert via Python-Dev
> <python-dev at python.org> wrote:
>>
>> On Feb 17, 2016, at 10:44, MRAB <python at mrabarnett.plus.com> wrote:
>> >
>> > Is this something that we need to worry about?
>> >
>> > Extremely severe bug leaves dizzying number of software and devices
>> > vulnerable
>> >
>> > http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/
>>
>> Is there a workaround that Python and/or Python apps should be doing, or
>> is this just a matter of everyone on glibc 2.9+ needs to update their glibc?
>
>
> There are no workarounds that we could put within Python. People need to
> update their glibc and reboot. All useful(*) Linux distros have already
> released update packages.
>
> All of the infrastructure running Linux needs the update applied and a
> reboot (I'm guessing our infrastructure peeps have already done that).  But
> this also includes Linux buildbots run by our random set of buildbot donors.

Passing this along to the buildbots list. Everyone running Linux
buildbots should run updates; I don't know about other Unix-like OSes
and whether they use glibc (does anyone have a Hurd system?), but it
can't hurt to check for package manager updates anyway.

ChrisA