Based on some facts:
1. Run the famous GHOST.c and print out "not vulnerable" with 2.17-93ubuntu4 libc6.
2. The patch was in on May 21, 2013, between the release of glibc-2.17 and 2.18.
3. Tomsguide said 13.10 and later are immune.
4. A comment from Y Combinator said no.
However, Qualys said 2.17 should have a problem right?
Following the patch...
Let's get the glibc source 2.17-93ubuntu4
# apt-get source eglibc
# head debian/changelog
eglibc (2.17-93ubuntu4) saucy; urgency=low
# vi nss/digits_dots.c
matches
Yea it was patched.
Friday, January 30, 2015
Thursday, January 22, 2015
The preseed to disable the auto update from Ubuntu repo during ISO installation
Tried to search google and didn't find an easy answer. Therefore I needed to look at the apt-setup source, and figured out these two preseeds:
d-i apt-setup/use_mirror boolean false
d-i apt-setup/services-select-ubuntu multiselect ""
The first entry disables the main/update/multiverse etc. The second entry disables the security.
Subscribe to:
Posts (Atom)