Arch Linux Affected

Notified:  January 28, 2015 Updated: January 30, 2015

Statement Date:   January 28, 2015

Status

Affected

Vendor Statement

"Arch Linux is not vulnerable. [Arch Linux is] on a modern version of glibc so [Arch Linux] should have been safe for 18+ months."

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

If using an edition of Arch Linux older than about 18 months, you may wish to check with the vendor to find out if you need to upgrade.

Blue Coat Systems Affected

Updated:  January 30, 2015

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

CentOS Unknown

Notified:  January 28, 2015 Updated: January 28, 2015

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor References

    Cisco Systems, Inc. Affected

    Updated:  January 30, 2015

    Status

    Affected

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor Information

    We are not aware of further vendor information regarding this vulnerability.

    Vendor References

    Citrix Affected

    Updated:  January 30, 2015

    Status

    Affected

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor Information

    We are not aware of further vendor information regarding this vulnerability.

    Vendor References

    Contiki OS Not Affected

    Notified:  January 28, 2015 Updated: January 28, 2015

    Statement Date:   January 28, 2015

    Status

    Not Affected

    Vendor Statement

    "Contiki OS does not use the GNU libc resolver functions so is not affected by this."

    Vendor Information

    We are not aware of further vendor information regarding this vulnerability.

    Cray Inc. Unknown

    Notified:  January 28, 2015 Updated: January 28, 2015

    Status

    Unknown

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor References

      Debian GNU/Linux Affected

      Notified:  January 28, 2015 Updated: January 28, 2015

      Statement Date:   January 28, 2015

      Status

      Affected

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      Vendor References

      F5 Networks, Inc. Affected

      Updated:  January 30, 2015

      Status

      Affected

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      Vendor References

      Fedora Project Unknown

      Notified:  January 28, 2015 Updated: January 28, 2015

      Status

      Unknown

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor References

        Gentoo Linux Affected

        Notified:  January 28, 2015 Updated: January 30, 2015

        Statement Date:   January 29, 2015

        Status

        Affected

        Vendor Statement

        "Our most recent glibc packages are not affected; we'll be issuing an advisory anyway to inform users who may still have older versions installed."

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        Hewlett-Packard Company Unknown

        Notified:  January 28, 2015 Updated: January 28, 2015

        Status

        Unknown

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor References

          IBM Corporation (zseries) Unknown

          Notified:  January 28, 2015 Updated: January 28, 2015

          Status

          Unknown

          Vendor Statement

          No statement is currently available from the vendor regarding this vulnerability.

          Vendor References

            IBM eServer Unknown

            Notified:  January 28, 2015 Updated: January 28, 2015

            Status

            Unknown

            Vendor Statement

            No statement is currently available from the vendor regarding this vulnerability.

            Vendor References

              Juniper Networks, Inc. Affected

              Updated:  January 30, 2015

              Status

              Affected

              Vendor Statement

              No statement is currently available from the vendor regarding this vulnerability.

              Vendor Information

              We are not aware of further vendor information regarding this vulnerability.

              Vendor References

              Mandriva S. A. Unknown

              Notified:  January 28, 2015 Updated: January 28, 2015

              Status

              Unknown

              Vendor Statement

              No statement is currently available from the vendor regarding this vulnerability.

              Vendor References

                NEC Corporation Affected

                Updated:  October 22, 2015

                Status

                Affected

                Vendor Statement

                "We provide information on this issue at the following URL: (only in Japanese)."

                Vendor Information

                We are not aware of further vendor information regarding this vulnerability.

                Vendor References

                NetApp Affected

                Updated:  January 30, 2015

                Status

                Affected

                Vendor Statement

                No statement is currently available from the vendor regarding this vulnerability.

                Vendor Information

                We are not aware of further vendor information regarding this vulnerability.

                Vendor References

                openSUSE project Affected

                Notified:  January 28, 2015 Updated: January 30, 2015

                Statement Date:   January 28, 2015

                Status

                Affected

                Vendor Statement

                "openSUSE 13.1 and 13.2 are not affected by the problem."

                Vendor Information

                We are not aware of further vendor information regarding this vulnerability.

                Vendor References

                Addendum

                Older versions of openSUSE may be affected. Check with the vendor to see if you require an upgrade.

                Openwall GNU/*/Linux Affected

                Notified:  January 28, 2015 Updated: January 30, 2015

                Statement Date:   January 29, 2015

                Status

                Affected

                Vendor Statement

                "Openwall GNU/*/Linux (Owl) was affected, although there's no known attack vector that would expose the glibc bug as a vulnerability in an install of Owl with no third-party software. We have released glibc updates for Owl 3.1-stable and Owl-current on 2015/01/28."

                Vendor Information

                We are not aware of further vendor information regarding this vulnerability.

                Oracle Corporation Unknown

                Notified:  January 28, 2015 Updated: January 28, 2015

                Status

                Unknown

                Vendor Statement

                No statement is currently available from the vendor regarding this vulnerability.

                Vendor References

                  Red Hat, Inc. Affected

                  Notified:  January 28, 2015 Updated: January 30, 2015

                  Status

                  Affected

                  Vendor Statement

                  No statement is currently available from the vendor regarding this vulnerability.

                  Vendor Information

                  We are not aware of further vendor information regarding this vulnerability.

                  Vendor References

                  Slackware Linux Inc. Affected

                  Notified:  January 28, 2015 Updated: January 28, 2015

                  Statement Date:   January 28, 2015

                  Status

                  Affected

                  Vendor Statement

                  No statement is currently available from the vendor regarding this vulnerability.

                  Vendor Information

                  We are not aware of further vendor information regarding this vulnerability.

                  Vendor References

                  SUSE Linux Affected

                  Notified:  January 28, 2015 Updated: January 28, 2015

                  Statement Date:   January 28, 2015

                  Status

                  Affected

                  Vendor Statement

                  "SUSE Linux Enterprise 11 and older are affected by the problem. We released updates for all supported and affected codestreams. SUSE Linux Enterprise 12 is not affected by this problem."

                  Vendor Information

                  We are not aware of further vendor information regarding this vulnerability.

                  Vendor References

                  Turbolinux Unknown

                  Notified:  January 28, 2015 Updated: January 28, 2015

                  Status

                  Unknown

                  Vendor Statement

                  No statement is currently available from the vendor regarding this vulnerability.

                  Vendor References

                    Ubuntu Affected

                    Notified:  January 28, 2015 Updated: January 28, 2015

                    Statement Date:   January 28, 2015

                    Status

                    Affected

                    Vendor Statement

                    "Ubuntu 10.04 LTS (lucid) and Ubuntu 12.04 LTS (precise) were affected; Ubuntu 14.04 LTS and newer releases were not, as they included versions of the GNU C Library that already contained the upstream fix."

                    Vendor Information

                    We are not aware of further vendor information regarding this vulnerability.

                    Vendor References

                    View all 26 vendors View less vendors