How to patch CVE-2015-0235 (GHOST) on Debian 7 (wheezy)?

twall asked:

This vulnerability was found in glibc, see this Hacker News post for more info.

As described in the Debian bug tracker, the vulnerability was already patched in testing and unstable.

I’d like to patch it as early as possible, so is it possible to install the patched package from one of those versions and if yes, how can I do so?

My answer:


No, installing packages from the wrong distribution version is not safe. Despite that people seem to do it all the time (and usually break their systems in amusing ways). In particular glibc is the most critical package on the system; everything is built against it, and if its ABI is changed then everything would have to be rebuilt against it. You should not expect software built against one version of glibc to work when another version is present.

And anyway, this vulnerability has been around for over 14 years, and despite all the yelling and screaming about it, it requires a fairly narrow set of circumstances to exploit. Waiting a day or two for a proper patch isn’t likely to be a problem.


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.