<div dir="ltr"><div><br></div><div>An update for CloudLinux 5 & 6 was just released to address the previously mentioned glibc vulnerability and it is recommended to update as soon as possible.</div><div><br></div><div>Update Instructions:</div><div><br></div><div>yum update glibc</div><div><br></div><div>Official Link:</div><div><br></div><div><a href="http://cloudlinux.com/blog/clnews/612.php">http://cloudlinux.com/blog/clnews/612.php</a></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 28, 2015 at 5:37 AM, Mark Foster <span dir="ltr"><<a href="mailto:blakjak@blakjak.net" target="_blank">blakjak@blakjak.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Sorry for the crosspost - Daniel beat me to the punch on this, I
became aware of this today and it really is quite a biggie; get
patching!<br>
<br>
A fairly human-readable comment on this vulnerability can be found
at Qualys:<br>
<br>
<a href="https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability" target="_blank">https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability</a><br>
<br>
And a good technical description:<br>
<br>
<a href="http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/" target="_blank">http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/</a><br>
<br>
Mark.<br>
<div><br>
<br>
-------- Forwarded Message --------
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">Subject:
</th>
<td>[NZOSS-Openchat] Vulnerability alert: GHOST - glibc
gethostbyname buffer overflow</td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">Date: </th>
<td>Wed, 28 Jan 2015 12:58:35 +1300</td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">From: </th>
<td>Daniel Reurich <a href="mailto:daniel@centurion.net.nz" target="_blank"><daniel@centurion.net.nz></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">Reply-To:
</th>
<td>NZOSS Open Discussion List
<a href="mailto:openchat@lists.nzoss.org.nz" target="_blank"><openchat@lists.nzoss.org.nz></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">To: </th>
<td>NZOSS Open Discussion List
<a href="mailto:openchat@lists.nzoss.org.nz" target="_blank"><openchat@lists.nzoss.org.nz></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<pre>This is a fairly serious bug effecting glibc versions prior to glibc
2.18. In particular current Stable and Long Term Service Releases such
as Debian Wheezy, Red Hat Enterprise and CentOS vs 5, 6 & 7 etc are
known to be vulnerable.
Please check your distrobution for updates. Debian Wheezy has a
security update, and Jessie/Sid have new packages with the fix.
Details of the specifics can be found here:
<a href="http://www.openwall.com/lists/oss-security/2015/01/27/9" target="_blank">http://www.openwall.com/lists/oss-security/2015/01/27/9</a><span class="HOEnZb"><font color="#888888">
--
Daniel Reurich
Centurion Computer Technology (2005) Ltd.
021 797 722
_______________________________________________
Openchat mailing list
<a href="mailto:Openchat@lists.nzoss.org.nz" target="_blank">Openchat@lists.nzoss.org.nz</a>
<a href="http://lists.nzoss.org.nz/mailman/listinfo/openchat" target="_blank">http://lists.nzoss.org.nz/mailman/listinfo/openchat</a>
</font></span></pre>
<br>
</div>
<br>
</div>
<br><br>
--<br>
Wellington Linux Users Group Mailing List: <a href="mailto:wellylug@lists.wellylug.org.nz">wellylug@lists.wellylug.org.nz</a><br>
To Leave: <a href="http://lists.wellylug.org.nz/mailman/listinfo/wellylug" target="_blank">http://lists.wellylug.org.nz/mailman/listinfo/wellylug</a><br>
<br></blockquote></div><br></div>