[Freeswitch-users] glibc GHOST vulnerability

Nathan Neulinger nneul at mst.edu
Tue Feb 3 20:55:48 MSK 2015 

I think he was referring to confirming his post that the "ldd" is a good check for what shared libraries an object links 
to.

Regis, it is.

Additional tip, if you don't want to do a full system reboot, a quick check you can do is:

	lsof -n -P | grep DEL | grep libc-

Will show you any running processes referencing a deleted "libc-", which means it's running an older version than is 
what is currently installed due to not having been restarted since the update.

If any of those running processes are network services that might have any chance of doing a dns resolution, you should 
definitely apply mitigations if possible or restart those processes.

-- Nathan

On 02/03/2015 11:47 AM, Michael Jerris wrote:
> It was already correctly confirmed in this thread.
>> On Jan 31, 2015, at 3:27 AM, Regis M <regis.freeswitch.org at tornad.net <mailto:regis.freeswitch.org at tornad.net>> wrote:
>>
>> It's not paranoid, it's a logic and normal question.
>>
>> For me, but as to be confirmed by freeswitch dev and c expert, FS compile with linked library by default. And doing :
>> $ ldd <path_to_fs>/bin/freeswitch
>> show you the linked librairy with your binary on your system.
>>
>> If someone else can confirm my post too, I'm not 100% sure.
>>
>> Thanks
>>
>> 2015-01-30 21:01 GMT+01:00 Oleg Stolyar <olegstolyar at gmail.com <mailto:olegstolyar at gmail.com>>:
>>
>>     Yep, just being paranoid and want to absolutely confirm that the standard FreeSWITCH build links libraries
>>     (including glibc) dynamically.
>>
>>
>>     On Jan 30, 2015 11:39 AM, "Sergey Okhapkin" <sos at sokhapkin.dyndns.org <mailto:sos at sokhapkin.dyndns.org>> wrote:
>>
>>         There is no need to rebuild an application linked against a dynamic library.
>>
>>         On Friday 30 January 2015 11:30:28 Oleg Stolyar wrote:
>>         > Sorry if the question is naive - trying to be paranoid here.
>>         >
>>         > On my CentOS machines I updated my glibc version to one that fixed the
>>         > GHOST vulnerability.
>>         >
>>         > Do I need to rebuild FS or is the library linked dynamically, so there is
>>         > no need to rebuild?
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>

-- 
------------------------------------------------------------
Nathan Neulinger                       nneul at mst.edu
Missouri S&T Information Technology    (573) 612-1412
System Administrator - Architect

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list