[wellylug] Fwd: [NZOSS-Openchat] Vulnerability alert: GHOST - glibc gethostbyname buffer overflow

Danial José danialjose at gmail.com
Wed Jan 28 13:28:30 NZDT 2015


An update for CloudLinux 5 & 6  was just released to address the previously
mentioned glibc vulnerability and it is recommended to update as soon as
possible.

Update Instructions:

yum update glibc

Official Link:

http://cloudlinux.com/blog/clnews/612.php

On Wed, Jan 28, 2015 at 5:37 AM, Mark Foster <blakjak at blakjak.net> wrote:

>  Sorry for the crosspost - Daniel beat me to the punch on this, I became
> aware of this today and it really is quite a biggie; get patching!
>
> A fairly human-readable comment on this vulnerability can be found at
> Qualys:
>
>
> https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
>
> And a good technical description:
>
> http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/
>
> Mark.
>
>
> -------- Forwarded Message --------  Subject: [NZOSS-Openchat]
> Vulnerability alert: GHOST - glibc gethostbyname buffer overflow  Date: Wed,
> 28 Jan 2015 12:58:35 +1300  From: Daniel Reurich <daniel at centurion.net.nz>
> <daniel at centurion.net.nz>  Reply-To: NZOSS Open Discussion List
> <openchat at lists.nzoss.org.nz> <openchat at lists.nzoss.org.nz>  To: NZOSS
> Open Discussion List <openchat at lists.nzoss.org.nz>
> <openchat at lists.nzoss.org.nz>
>
> This is a fairly serious bug effecting glibc versions prior to glibc
> 2.18.  In particular current Stable and Long Term Service Releases such
> as Debian Wheezy, Red Hat Enterprise and CentOS vs 5, 6 & 7 etc are
> known to be vulnerable.
>
> Please check your distrobution for updates.  Debian Wheezy has a
> security update, and Jessie/Sid have new packages with the fix.
>
> Details of the specifics can be found here:http://www.openwall.com/lists/oss-security/2015/01/27/9
>
>
>
> --
> Daniel Reurich
> Centurion Computer Technology (2005) Ltd.
> 021 797 722
> _______________________________________________
> Openchat mailing listOpenchat at lists.nzoss.org.nzhttp://lists.nzoss.org.nz/mailman/listinfo/openchat
>
>
>
>
>
> --
> Wellington Linux Users Group Mailing List: wellylug at lists.wellylug.org.nz
> To Leave:  http://lists.wellylug.org.nz/mailman/listinfo/wellylug
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wellylug.org.nz/pipermail/wellylug/attachments/20150128/e663bcbc/attachment.html>


More information about the wellylug mailing list