Daily Archive: 2015.01.27

$ cd ~meri > 2015 > January > 27

PSA: glibc buffer overflow (nss_hostname_digits_dots)

2015.01.27

[covert-ops] bullhorn

Via https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235.

A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

Update ALL THE THINGS! Again. Once, you know, a patch is available.

Annoyances, PSA, Technology

,

Grab Bag: Circadian what? Can’t sleep. Casting on. Introducing Legend.

2015.01.27

While G was away, I discovered something somewhat perturbing: any concept I have of a regular schedule is driven almost exclusively by two things: G’s schedule, and Sprocket demanding to be fed at some point between 4:30 and 6:00 AM. As such, I’ve spent the last 10 days pretty much sleeping whenever I got tired, and waking up (generally) whenever my body could no longer handle being flat. Sadly, this little experiment did not produce any interesting results. The aches and pains are still going strong, I still managed to catch a cold, and I didn’t even manage to feel rested. (more…)

Annoyances, Craftiness

, , ,