Security Problem in Gentoo :(

[ViMan]

A questions about the Security flaw that hit Windows, Macs, and Linux (see http://zdnet.com.com/2100-1105-948728.html). It says that "Several vendors of Unix and Unix-like operating systems, including Red Hat, Debian, FreeBSD, Sun and NetBSD said that their software was affected by the issue, and issued fixes." How does this security flaw affect Gentoo? And are these fixes/patches? Thanks for your time.

[rac]

Moved to Networking & Security.

glibc 2.2.5-r6 contains a patch for the sunrpc overflow.
_________________
For every higher wall, there is a taller ladder

[ViMan]

What's the easiest way to patch it? emerge -u glibc? Also, is there any chance that doing so will break anything (glibc)? Thanks for your time.

[rac]

It looks to me like everything past -r5 is still masked, so you would need to comment out the ">=sys-libs/glibc-2.2.5-r6" line in /usr/portage/profiles/package.mask, and then "emerge -u glibc". Yes, you need to be careful, because problems with glibc can put your system in an unusable state. I do not know the exact reason why it is still masked, but, as with all masked packages, you probably shouldn't install them on critical systems, and it's probably a good idea to have a binary package as a backup in case you experience problems.
_________________
For every higher wall, there is a taller ladder

[Xor]

I admit it.... I'm still a little byte confused about the topic in general. If gentoo will ever get a major update of the glibc... how will the procedure be? I mean, will the old glibc be "protected" till all application are linked to the new one? or does the current "cleaning feature or portage" remove the old one as soon as the new once is in place, and probably render the system unusable....

Thanks
xor