CVE-2015-0235 - GHOST

Wed Jan 28 08:38:45 UTC 2015

JFYI

Here is a list of potential targets that we investigated (they all call

*gethostbyname*, one way or another), but to the best of our knowledge,

the buffer overflow cannot be triggered in any of them:

apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,

nfs-utils, *nginx*, nodejs, openldap, openssh, postfix, proftpd,

pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers,

vsftpd, xinetd.

http://seclists.org/oss-sec/2015/q1/283

-- 
Yours sincerely,
Vladimir Getmanshchuk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-ru/attachments/20150128/b2f8705d/attachment-0001.html>