By timothy from Slashdot's patched-upstream-that-is department
An anonymous reader writes: Today Google's online security team publicly disclosed a severe vulnerability in the GNU C Library's DNS client. Due to the ubiquity of Glibc, this affects an astounding number of machines and software running on the internet, and raises questions about whether Glibc ought to still be the preferred C library when alternatives like musl are gaining maturity. As one example of the range of software affected, nearly every Bitcoin implementation is affected.
Reader msm1267 adds some information about the vulnerability, discovered independently by security researchers at Red Hat as well as at Google, which has since been patched: The flaw, CVE-2015-7547, is a stack-based buffer overflow in the glibc DNS client-side resolver that puts Linux machines at risk for remote code execution. The flaw is triggered when the getaddrinfo() library function is used, Google said today in its advisory. "A back of the envelope analysis shows that it should be possible to write correctly formed DNS responses with attacker controlled payloads that will penetrate a DNS cache hierarchy and therefore allow attackers to exploit machines behind such caches," Red Hat said in an advisory. It's likely that all Linux servers and web frameworks such as Rails, PHP and Python are affected, as well as Android apps running glibc.
By timothy from Slashdot's so-long-as-it's-official department
An anonymous reader writes with news from the BBC that the UK government has launched a public consultation regarding plans to mandate age checks on pornographic websites. According to the article, The proposals follow a Conservative Party manifesto commitment that "all sites containing pornographic material" must check that users are over 18. Internet providers, charities, academics and others will be asked to contribute to the consultation. ... In the consultation document, the government proposes that the checks should apply to content that would receive — if formally classified — an 18 or R18 rating from the British Board of Film Classification (BBFC). "We are keen to hear from parents, schools, child protection experts, the pornography industry, internet service providers and online platforms that provide access to pornographic content," the consultation document explained. As part of the plans, the government intends to establish a new regulatory framework to enforce compliance with any rules that are made law.