X2Go Bug report logs - #778
affected by CVE 2015-0235: Stop using gethosbyname()

Package: nx-libs; Maintainer for nx-libs is X2Go Developers <x2go-dev@lists.x2go.org>;

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Sun, 1 Feb 2015 07:05:02 UTC

Severity: important

Full log


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

Received: (at submit) by bugs.x2go.org; 1 Feb 2015 07:04:47 +0000
From mike.gabriel@das-netzwerkteam.de  Sun Feb  1 08:04:45 2015
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,URIBL_BLOCKED
	autolearn=ham version=3.3.2
Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 159735DB48
	for <submit@bugs.x2go.org>; Sun,  1 Feb 2015 08:04:45 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98])
	by freya.das-netzwerkteam.de (Postfix) with ESMTPS id C5BD6220
	for <submit@bugs.x2go.org>; Sun,  1 Feb 2015 08:04:44 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id B97DD3BC1E
	for <submit@bugs.x2go.org>; Sun,  1 Feb 2015 08:04:44 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de
Received: from grimnir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id yWRvxnoWKqVB for <submit@bugs.x2go.org>;
	Sun,  1 Feb 2015 08:04:44 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 96FAF3B9EA
	for <submit@bugs.x2go.org>; Sun,  1 Feb 2015 08:04:44 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 4B08F3BC1E
	for <submit@bugs.x2go.org>; Sun,  1 Feb 2015 08:04:44 +0100 (CET)
Received: from [192.168.1.28] (p5B3B8F07.dip0.t-ipconnect.de [91.59.143.7])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id D5BAE3B9EA
	for <submit@bugs.x2go.org>; Sun,  1 Feb 2015 08:04:43 +0100 (CET)
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Reply-To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: submit@bugs.x2go.org
Subject: affected by CVE 2015-0235: Stop using gethosbyname()
X-Mailer: Modest 3.2
Content-Type: text/plain; charset=utf-8
Content-ID: <1422774280.1428.4.camel@Nokia-N900>
Date: Sun, 01 Feb 2015 08:04:41 +0100
Message-Id: <1422774281.1428.5.camel@Nokia-N900>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Package: src:nx-libs
Severity: important

The NX source code uses gethostbyname() at several locations and is potentially affected by CVE 2015-0235 (GHOST security issue in glibc).

We should move towards using getaddrinfo() asap.

Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976148

GnuPG Key ID 0x25771B13
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de




Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Wed Feb 1 23:10:16 2023; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.