Multilib glibc patched for GHOST vulnerability (CVE-2015-0235)
There was some unrest about the most recent glibc update in the stable releases of Slackware (slackware-current excluded). Glibc was patched against a new vulnerability, CVE-2015-0235, for which the only known exploit currently is in the MTA Exim (software which is not part of Slackware) and an exploit for this vulnerability is difficult to write apparently. I usually am quite fast in following up on Slackware updates for gcc and especially glibc. This time, I was busy with answering questions about the new KDE 5 at night, and buried in shit at work during the day.
Nevertheless, when there were no updated multilib versions of glibc the next day, some people asked when they could expect a patched package. Others were less polite and demanded updated packages. That sucked.
Here is where you can find the updated packages:
- http://www.slackware.com/~alien/multilib/current/ (the primary server)
- http://taper.alienbase.nl/mirrors/people/alien/multilib/current/ (my fast mirror)
For the un-initiated: multilib is needed if you want to use binary-only 32-bit software on 64-bit Slackware. Examples of that are Skype, Valve’s Steam Client, the WINE emulator, the Pipelight browser plugin, Citrix client etc.