pixel code
whatsApp Chat with us on WhatsApp
Important Notification: Ghost Vulnerability

by  David Dwyer on  28/01/2015

Important Notification:Why you can't ignore the Ghost Vulnerability

IMPORTANT NOTIFICATION:

A vulnerability for GLIBC has been announced at https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability. This security flaw allows an authorized person to take control of Linux machine through a buffer overflow in the GetHost functions of GLIBC. The vulnerability is being referred to as GHOST.

We strongly suggest that all non-Inspire customers immediately patch their Linux systems. You can verify the version of the RPM package that is on your server through the change log. Log into your machine at root and run the following command:

rpm -q --changelog glibc | grep CVE-2015-0235


Any system that does not return a result:

[root@server ]# rpm -q --changelog glibc | grep CVE-2015-0235
- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #-----).
is not patched. These machines can be updated by running the follow command at root:

yum clean all ; yum update glibc

It will be necessary to reboot your machine after this update is complete. Once the machine is back online run the original command of
rpm -q --changelog glibc | grep CVE-2015-0235
and verify that your system is patched.

Inspire customers need not worry as we have already applied this as part of their Support & Maintenance package.

However we understand that not all non-Inspire customers will be comfortable with this process. If you'd like Inspire to help please contact us via our Contact Us page.

This vulnerability is rated as severe. We strongly encourage you to take action immediately.

 

Follow Inspire on Twitter @inspireltd and @developersos

Developer SOS, Inspire Web Development, Inspire Web Services, Outsourced Web Development, Security, Systems Administrator, The Evolving Web, The Ghost Vulnerability, Website Support, Website Vulnerabilities
First Name
Last Name
Email
Website
Phone
How can we help?
To comply with data protection regulations (2018), we are unable to store and use your information unless you give us your permission. Please select Yes to allow this. View our data protection policy for details.
 
Name
Website
Email
Comment
To comply with data protection regulations (2018), we are unable to store and use your information unless you give us your permission. Please select Yes to allow this. View our data protection policy for details.