Based on the exploit, aren't, at most, only the exits vulnerable? I didn't think middles would do any DNS resolving.
Those like me running debian and putting off doing a reboot might find needrestart (package of same name) and checkrestart (package debian-goodies) useful.
On Tue, 23 Feb 2016, at 07:16 AM, Dmitrii Tcvetkov wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On Mon, 22 Feb 2016 21:16:42 -0800 Saint Aardvark the Carpeted aardvark@saintaardvarkthecarpeted.com wrote:
Most libraries aren't so central to everything that runs in Linux, and restarting the programs that use the library in question is a perfectly fine way to ensure you get the new library loaded. But libc is so very central to absolutely *everything* (or nearly so) in Linux that the best way to ensure everything gets the new, patched versions is simply to reboot.
It is true, but still reboot should not be so essential for glibc upgrade. You can just restart (not reload, SIGHUP will not help) services on your server and they will load new glibc. This will allow yout to delay server reboot until next kernel upgrade.
IOW server reboot is easier but is not necessary. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQEcBAEBCAAGBQJWzAdnAAoJEG7QE8vSCezkgTkIAL/B0wBlY/TEvinnIPjj3SLO loZLceYMnxEscnPTmEGCFY/9w2T+0XCW/sFSOrGd9ji9V5Fubuo06wzqUStsuLwq HaMuaCLFo4cSI1nHyx99Uu5WG0/Oy2HAVHOsoSSyKT+2XkCKxii4KKtSCXxIUbHk gUujxXTNhknh8hIXS66mgVIYB26r1rLDcHTO7/LGPcooJjrnP+RbDobEk5e/yqEI NMQjVDienm/+xWmIBfQBJp98Fi0+I79u4duSs06lRD95mKyxB8oUqw9eD6VOHHwB 0MQQbRO67mqFrCTi1T1WhSjjj4xsvLfjQSf31PfZm/PCEL6aJ3LFoTP6VkPjMjY= =6tI4 -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays