glibc upgrade

How to do things, solutions, recipes, tutorials
Message
Author
watchdog
Posts: 2021
Joined: Fri 28 Sep 2012, 18:04
Location: Italy

#61 Post by watchdog »

When the bug was found lucid ubuntu 10.04, which originally came with glibc 2.11, was out of support so I think there is not a patched glibc 2.11. I don't care very much about glibc vulnerabilities because I use puppy as client and many vulnerabilities are effective only as server side.

sindi
Posts: 1087
Joined: Sun 16 Aug 2009, 13:30
Location: Ann Arbor MI USA

Patched glibc 2.11 in Dec 28 2016 Lucid 5.2.8.7

#62 Post by sindi »

Rerwin (in Lucid Puppy Revitalized as 5.2.8.7) just updated glibc 2.11 to a patched version in the latest Lucid Puppy 2016 (which may become 2017 if there are still bugs).

Updates since Dec 16:

glibc 2.11 updated (0ubuntu7.21) with all its Lucid security fixes including for GHOST. (prompted by sindi's question about it)
- asound_include - support coexistent sound applications (result of keniv's interest in puppybt)
- getflash with updated URL to restore the function
- Extract-pet avoids leaving behind the (tar.gz, tar.xz) tarball used for extraction
- PPM help page link fixed (reported by Snail)
Download directory: https://www.mediafire.com/folder/dh45w4 ... 16_Release

I was looking for a patched 2.11 because someone at Pale Moon did not want to compile for an insecure glibc and the glibc 2.17 he compiled for instead won't work with Lucid Puppy. It sounds like Pale Moon is willing to compile special versions to work with Puppy Linux. They were planning to compile in future with CentOS7 and the result won't even work with Tahr (libstdc++ can't find what it wants).
The complete change list: http://www.murga-linux.com/puppy/viewto ... 697#932697

I hope this is the last update for a while, although I expect to address issues if they arise.
Richard

watchdog
Posts: 2021
Joined: Fri 28 Sep 2012, 18:04
Location: Italy

#63 Post by watchdog »

There is the so-called "ghost" vulnerability and another vulnerability discovered on February 2016:

http://www.murga-linux.com/puppy/viewtopic.php?t=105429

glibc 2.11 updated (0ubuntu7.21) was built in 2015:

https://launchpad.net/~ubuntu-security/ ... ld/7011724

Is it really patched for the last vulnerability? I don't worry about this but I hope someone can answer my question.

Post Reply