"Further technical analysis of the GHOST vulnerability by security researcher lcamtuf can be found here" (http://lcamtuf.blogspot.com.es/2015/01/technical-analysis-of-qualys-ghost.html)
Brilliant info. well worth reading.
The latest high-profile security vulnerability affecting Linux systems is serious but nowhere near as bad as the infamous Heartbleed flaw, according to security experts. Hackers might be able to use the so-called GHOST flaw to plant malware or seize control of some Linux-based systems. Security researchers at cloud security …
You can restart the services one by one if you want. No need to reboot. Or restart only the ones that are clear to be affected (exim).
By the way - Debian's patched eglibc packages do not restart it, which is weird as they are usually quite a**l about it and have a list of packages they need to restart on upgrade (usually exim, ssh and inetd).
I have just updated some 8 machines, none of them rebooted. I restarted some services (exim, httpd, sshd, ...) - but a reboot was not needed -- these are Linux systems, not MS Windows.
I agree that a reboot is an easy way of restarting everything - but if you know what you are doing it is not necessary.
Did you check each and every process linking to glibc?
Also Windows asks you to reboot *exactly* because it wants to avoid having two different versions of a system library loaded, with some applications using one and others the other. To ensure anything passed around conforms to the same code, and there is no risk of passing around something slightly different....
That's also why even a full reboot under Linux - if you can afford it - could be a safer choice.
"Without a reboot, services using the old library will not be restarted"
That's the problem right there.
Not really - it's not actually true.
Services must be restarted, but that's a trivial matter. The machine as a whole does not need to be rebooted in the short term; this might, of course, lead to certain daemons still running the old code, but the attack surface is minimised and the public-facing services left running the patched version.
Restarting web, mail and other network services takes less than a minute all in.
Vic.
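An added example, not code from the thread, for the question asked above (did you check each and every process linking to glibc?) and for Vic's point that restarting the affected services is enough once you know which they are. The dynamic loader mmaps libc at exec time; when dpkg or rpm installs the fixed package it unlinks the old file and creates a new inode, so a process started before the upgrade keeps the vulnerable copy mapped and /proc/PID/maps shows it as "(deleted)". The maps content, paths and inode numbers below are constructed, not captured from a real host:

```shell
#!/bin/sh
# Added example, not code from the thread: find processes that still have a
# replaced glibc mapped after the package upgrade. The loader mmaps libc.so.6
# at exec time; when dpkg/rpm installs the fixed package it unlinks the old
# file and installs a new inode, so any process started before the upgrade
# keeps the vulnerable copy mapped and /proc/PID/maps shows it as "(deleted)".

# Print the mapping lines for a deleted copy of library $1 (default: libc)
# found in /proc/PID/maps-format text on stdin. Exit status is grep's:
# 0 if at least one stale mapping was found, 1 if none.
stale_lib_lines() {
    grep -E "/${1:-libc}(-[0-9.]+)?\.so[^ ]* \(deleted\)\$"
}

# GHOST is in glibc, so the default check is for libc itself. The leading "/"
# and the optional version suffix keep libcrypto, libcap etc. from matching.
stale_libc_lines() {
    stale_lib_lines libc
}

# Walk every process and print "PID COMM" for each one still mapping a
# deleted libc. Reading another user's maps file needs root.
list_stale_libc_procs() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # no /proc, or not permitted
        pid=${maps#/proc/}
        pid=${pid%/maps}
        if stale_libc_lines <"$maps" >/dev/null 2>&1; then
            comm=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Constructed sample (not captured from a real host) in /proc/PID/maps
# format: an exim4 worker started before the upgrade. It still maps the old
# libc-2.13.so, plus an old libcrypto that a separate OpenSSL upgrade replaced.
SAMPLE_MAPS='00400000-004d5000 r-xp 00000000 08:01 131349 /usr/sbin/exim4
7f1c3a6a1000-7f1c3a85c000 r-xp 00000000 08:01 262190 /lib/x86_64-linux-gnu/libc-2.13.so (deleted)
7f1c3a85c000-7f1c3aa5b000 ---p 001bb000 08:01 262190 /lib/x86_64-linux-gnu/libc-2.13.so (deleted)
7f1c3aa9f000-7f1c3aaab000 r-xp 00000000 08:01 262187 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f1c3ab00000-7f1c3ab21000 r-xp 00000000 08:01 262201 /lib/x86_64-linux-gnu/ld-2.13.so'

# Demo on the constructed sample: prints the two stale libc-2.13.so lines.
printf '%s\n' "$SAMPLE_MAPS" | stale_libc_lines
# On a live host, run as root instead:  list_stale_libc_procs
```

For each PID reported, `systemctl status <PID>` on a systemd host names the unit that owns it, so you restart that unit rather than guessing from the command name; `checkrestart` from debian-goodies and `needs-restarting` from yum-utils automate the same scan of /proc/*/maps. Two caveats the scan cannot cover: a statically linked binary carries its own copy of gethostbyname and never shows a libc mapping, so it needs rebuilding against the fixed glibc rather than restarting; and a chroot or container ships its own libc, which the host package upgrade does not touch.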
Yes, gethostbyname is obsoleted by getaddrinfo; but exim, for example, was written four years before getaddrinfo was standardized (by RFC 2553), much less widely available. There was no compelling reason [1] for most applications to replace working gethostbyX calls with the corresponding getXinfo ones. Not when there are so many other bugs to fix and features to add and online arguments to argue.
[1] For most users and developers, IPv6 is still not a compelling reason. At best it's a mild source of guilt - oh, yes, someday we'll probably have to support IPv6. We've successfully pushed "someday" off for nineteen years and counting.