[openssl-users] Is openssl a vector of exploit for Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname ?
openssl-users at dukhovni.org
Fri Jan 30 21:51:26 UTC 2015
On Fri, Jan 30, 2015 at 09:46:46PM +0000, Salz, Rich wrote:
> > So it look like only direct use of BIO_gethostbyname can cause issues and
> > openssl does not rely on obsolete gethostbyname if it can use alternate
> > getaddrinfo.
> > I would be happy to receive any comment on that.
> Okay: I agree with your review...
The fix is to deploy an updated glibc. Fixing everything linked
to glibc is not particularly practical.
More information about the openssl-users