<div dir="ltr"><div><br></div><div>An update for CloudLinux 5 & 6  was just released to address the previously mentioned glibc vulnerability and it is recommended to update as soon as possible.</div><div><br></div><div>Update Instructions:</div><div><br></div><div>yum update glibc</div><div><br></div><div>Official Link:</div><div><br></div><div><a href="http://cloudlinux.com/blog/clnews/612.php">http://cloudlinux.com/blog/clnews/612.php</a></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 28, 2015 at 5:37 AM, Mark Foster <span dir="ltr"><<a href="mailto:blakjak@blakjak.net" target="_blank">blakjak@blakjak.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  

    
  
  <div bgcolor="#FFFFFF" text="#000000">
    Sorry for the crosspost - Daniel beat me to the punch on this, I
    became aware of this today and it really is quite a biggie; get
    patching!<br>
    <br>
    A fairly human-readable comment on this vulnerability can be found
    at Qualys:<br>
    <br>
<a href="https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability" target="_blank">https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability</a><br>
    <br>
    And a good technical description:<br>
    <br>
<a href="http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/" target="_blank">http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/</a><br>
    <br>
    Mark.<br>
    <div><br>
      <br>
      -------- Forwarded Message --------
      <table border="0" cellpadding="0" cellspacing="0">
        <tbody>
          <tr>
            <th align="RIGHT" nowrap valign="BASELINE">Subject:
            </th>
            <td>[NZOSS-Openchat] Vulnerability alert: GHOST - glibc
              gethostbyname buffer overflow</td>
          </tr>
          <tr>
            <th align="RIGHT" nowrap valign="BASELINE">Date: </th>
            <td>Wed, 28 Jan 2015 12:58:35 +1300</td>
          </tr>
          <tr>
            <th align="RIGHT" nowrap valign="BASELINE">From: </th>
            <td>Daniel Reurich <a href="mailto:daniel@centurion.net.nz" target="_blank"><daniel@centurion.net.nz></a></td>
          </tr>
          <tr>
            <th align="RIGHT" nowrap valign="BASELINE">Reply-To:
            </th>
            <td>NZOSS Open Discussion List
              <a href="mailto:openchat@lists.nzoss.org.nz" target="_blank"><openchat@lists.nzoss.org.nz></a></td>
          </tr>
          <tr>
            <th align="RIGHT" nowrap valign="BASELINE">To: </th>
            <td>NZOSS Open Discussion List
              <a href="mailto:openchat@lists.nzoss.org.nz" target="_blank"><openchat@lists.nzoss.org.nz></a></td>
          </tr>
        </tbody>
      </table>
      <br>
      <br>
      <pre>This is a fairly serious bug effecting glibc versions prior to glibc 
2.18.  In particular current Stable and Long Term Service Releases such 
as Debian Wheezy, Red Hat Enterprise and CentOS vs 5, 6 & 7 etc are 
known to be vulnerable.

Please check your distrobution for updates.  Debian Wheezy has a 
security update, and Jessie/Sid have new packages with the fix.

Details of the specifics can be found here:
<a href="http://www.openwall.com/lists/oss-security/2015/01/27/9" target="_blank">http://www.openwall.com/lists/oss-security/2015/01/27/9</a><span class="HOEnZb"><font color="#888888">



-- 
Daniel Reurich
Centurion Computer Technology (2005) Ltd.
021 797 722
_______________________________________________
Openchat mailing list
<a href="mailto:Openchat@lists.nzoss.org.nz" target="_blank">Openchat@lists.nzoss.org.nz</a>
<a href="http://lists.nzoss.org.nz/mailman/listinfo/openchat" target="_blank">http://lists.nzoss.org.nz/mailman/listinfo/openchat</a>
</font></span></pre>
      <br>
    </div>
    <br>
  </div>

<br><br>
--<br>
Wellington Linux Users Group Mailing List: <a href="mailto:wellylug@lists.wellylug.org.nz">wellylug@lists.wellylug.org.nz</a><br>
To Leave:  <a href="http://lists.wellylug.org.nz/mailman/listinfo/wellylug" target="_blank">http://lists.wellylug.org.nz/mailman/listinfo/wellylug</a><br>
<br></blockquote></div><br></div>