vendredi 30 janvier 2015

Is Java vulnerable to glibc GHOST Vulnerability in Linux?



I see on our RedHat Linux platform that "java" process has dependency over glibc library:



[root@hpproliant1 ~]# ldd /usr/bin/java
linux-gate.so.1 =>  (0xffffe000)
libpthread.so.0 => /lib/libpthread.so.0 (0xf7f77000)
libjli.so => /usr/java/32bit/jre1.6.0_26/bin/../lib/i386/jli/libjli.so (0xf7f6e000)
libdl.so.2 => /lib/libdl.so.2 (0xf7f69000)
libc.so.6 => /lib/libc.so.6 (0xf7e11000)
/lib/ld-linux.so.2 (0xf7f97000)


Does Java APIs call indirectly problematic glibc functions? If so is the jvm using the vulnerable function in a way that's vulnerable?





Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)