How to patch CVE-2015-0235 (GHOST) on debian 7 (wheezy)?

This vulnerability was found in glibc, see this hacker news post for more info.

As described in the debian bug tracker, the vulnerability was already patched in testing and unstable.

I'd like to patch it as early as possible, so is it possible to install the patched package from one of those versions and if yes, how can i do so?


No, installing packages from the wrong distribution version is not safe. Despite that people seem to do it all the time (and usually break their systems in amusing ways). In particular glibc is the most critical package on the system; everything is built against it, and if its ABI is changed then everything would have to be rebuilt against it. You should not expect software built against one version of glibc to work when another version is present.

And anyway, this vulnerability has been around for over 14 years, and despite all the yelling and screaming about it, it requires a fairly narrow set of circumstances to exploit. Waiting a day or two for a proper patch isn't likely to be a problem.


First of all, don't panic! The debian devs will release an updated package as soon as possible so all you have to do is to upgrade after the patch has been released. To find out if it has been released please don't run apt-get update every 5 minutes but subscribe to https://lists.debian.org/debian-security-announce/ and simply wait for the email to hit your inbox.


The update for glibc is already available in security updates for debian 7. Check if security updates are enabled in sources.list. I am going to update my servers this evening.