wrt: Patches are available. We have all the patches for all our systems already down loaded. Our concern is when we need to do the patching. Some want to take all the colleges data center systems down to patch right away. Others want to wait for time slots which would not take down so many systems critical to the college.
I asked here with specific concern about threat to servers running Postfix. On Tue, Feb 23, 2016 at 2:03 PM, Marius Gologan <marius.golo...@gmail.com> wrote: > This one is better: > http://www.liquidweb.com/kb/protecting-against-cve-2015-7547/ > > > > *From:* Marius Gologan [mailto:marius.golo...@gmail.com] > *Sent:* Tuesday, February 23, 2016 11:01 PM > *To:* 'Robert Lopez'; 'Postfix users' > *Subject:* RE: CVE-2015-7547 > > > > Patches are available for most Linux distributions. You need to verify > your version and update in case is necessary: > > > http://www.cyberciti.biz/faq/linux-patch-cve-2015-7547-glibc-getaddrinfo-stack-based-buffer-overflow/ > > > > > > *From:* owner-postfix-us...@postfix.org [mailto: > owner-postfix-us...@postfix.org] *On Behalf Of *Robert Lopez > *Sent:* Tuesday, February 23, 2016 10:57 PM > *To:* Postfix users > *Subject:* CVE-2015-7547 > > > > Does anyone have any knowledge of postfix being exploited via > CVE-2015-7547, glibc stack-based buffer overflow in getaddrinfo()? Any > concerns about the exploitability? > > Discussion here about how fast we must patch glibc. > > > -- > > Robert Lopez > Unix Systems Administrator > Central New Mexico Community College (CNM) > 525 Buena Vista SE > Albuquerque, New Mexico 87106 > -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106
