CloudLinux - CloudLinux Blog - GLIBC GHOST remote vulnerability - CVE-2015-0235

GLIBC GHOST remote vulnerability - CVE-2015-0235

Hello Everyone,

There is a new remote vulnerability in glibc, tracked as CVE-2015-0235. The bug is in the __nss_hostname_digits_dots() function, which is used by gethostbyname().
It is a buffer overflow vulnerability that allows an attacker to execute arbitrary code.
Updated packages have been released for CL6 and CL5. Please make sure to update.

Updated CL5 GLIBC version:
glibc-2.5-123.el5_11.1

Updated CL6 GLIBC version:
glibc-2.12-1.149.el6_6.5

To update:
$ yum update glibc
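
To confirm that the update took effect, the installed glibc build can be compared with the fixed builds listed above. The script below is an added example, not part of the original post or CloudLinux tooling; the function names `tokens`, `vercmp` and `ghost_status` are hypothetical, and the comparison is a simplified form of RPM version ordering.

```sh
# Added example, not CloudLinux code. Fixed builds are the ones named in the post.
FIXED_EL5="2.5-123.el5_11.1"
FIXED_EL6="2.12-1.149.el6_6.5"

# Split a version-release string into runs of digits and runs of letters.
tokens() {
    printf '%s\n' "$1" | sed -e 's/[^0-9A-Za-z]/ /g' \
        -e 's/\([0-9]\)\([A-Za-z]\)/\1 \2/g' -e 's/\([A-Za-z]\)\([0-9]\)/\1 \2/g'
}

# vercmp A B prints lt, eq or gt. Simplified RPM-style ordering (assumption:
# no epoch or tilde handling): digit runs compare as integers, letter runs as
# strings, a digit run outranks a letter run, and a string that runs out of
# segments first is the older one.
vercmp() {
    a=$(tokens "$1"); b=$(tokens "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        set -- $a; x=${1-}; [ $# -eq 0 ] || shift; a=$*
        set -- $b; y=${1-}; [ $# -eq 0 ] || shift; b=$*
        [ "$x" = "$y" ] && continue
        [ -z "$x" ] && { echo lt; return 0; }
        [ -z "$y" ] && { echo gt; return 0; }
        case $x,$y in
            [0-9]*,[0-9]*) [ "$x" -eq "$y" ] && continue
                if [ "$x" -lt "$y" ]; then echo lt; else echo gt; fi ;;
            [0-9]*,*) echo gt ;;
            *,[0-9]*) echo lt ;;
            *) if LC_ALL=C expr "x$x" \< "x$y" >/dev/null; then echo lt; else echo gt; fi ;;
        esac
        return 0
    done
    echo eq
}

# ghost_status VERSION-RELEASE prints fixed, vulnerable or unknown.
ghost_status() {
    case $1 in
        *.el5*) fixed=$FIXED_EL5 ;;
        *.el6*) fixed=$FIXED_EL6 ;;
        *) echo unknown; return 0 ;;   # not a CL5/CL6 build string
    esac
    if [ "$(vercmp "$1" "$fixed")" = lt ]; then echo vulnerable; else echo fixed; fi
}

# Report every installed glibc build (i686 and x86_64 packages can coexist).
if command -v rpm >/dev/null 2>&1; then
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc 2>/dev/null |
        while read -r vr; do echo "glibc-$vr: $(ghost_status "$vr")"; done
fi
```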

So far there is a proof of concept that can use this vulnerability against Exim servers. While the initial investigation by Qualys reports that, to the best of their knowledge, there is no way to exploit the following services, we still recommend that everyone update:
apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,
nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd,
pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers,
vsftpd, xinetd.