
2015-01-27 GHOST: glibc gethostbyname buffer overflow CVE-2015-0235

A recently discovered vulnerability affects common versions of Linux distributions. It is a serious problem that, if left unpatched, may lead to remote compromise of your server.

Find more information about the issue.

Affected platforms

Only Linux systems are affected:

  • Ubuntu 10.04, 12.04 are affected. Ubuntu 14.04 is not affected.

  • Debian Squeeze, Wheezy are affected. Debian Jessie, Sid are not affected.

  • CentOS and RHEL 5, 6, 7 are affected.

  • Recent downloadable virtual machine users are not affected, as they are based on Ubuntu 14.04, which is not vulnerable.

  • Bitnami Google Compute platform cloud images are based on Debian 7 and were vulnerable. All of the images have been patched so new server launches will not be vulnerable. If you have older running images, please see the patching instructions.

  • Recent Bitnami Amazon Web Services cloud images are not vulnerable as they are based on Ubuntu 14.04. Older versions based on Ubuntu 12.04 and 10.04 are vulnerable. We have removed them from the AWS catalog for now, so no new launches are possible until they are fixed. Bitnami RHEL and CentOS-based images were similarly vulnerable, and if you are running a server based on those you will need to upgrade. Amazon Linux cloud images are affected as well.

How to patch it

Ubuntu and Debian

Execute these commands:

$ apt-get update
$ apt-get -y install libc6

Read the Debian advisory and the Ubuntu advisory.

Red Hat Enterprise Linux, Amazon Linux and CentOS

Execute these commands:

$ yum clean all
$ yum update glibc

Read the Red Hat advisory and the Amazon advisory.
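
Updating the package replaces the library on disk, but processes that were already running keep the old libc mapped until they are restarted, so restart the affected services or reboot after patching. The shell function below is an added example, not part of the original advisory: it lists processes that still map a deleted libc by reading /proc/<pid>/maps. The function name and its optional proc-root argument are assumptions made for illustration; run it as root to see every process.

```shell
#!/bin/sh
# Added example: find processes still using the pre-upgrade libc.
# stale_libc_pids and its optional directory argument are hypothetical
# names; the argument exists so the scan can be pointed at a copy of /proc.

stale_libc_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes that exited or that we may not inspect.
        [ -r "$maps" ] || continue
        # Once the package manager replaces the file, the old mapping
        # appears as ".../libc-2.15.so (deleted)" (or libc.so.6 (deleted)).
        if grep -Eq '/libc[-.][^/ ]*so[^/ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            pid="${pid_dir##*/}"
            # /proc/<pid>/comm is missing on very old kernels; fall back to "?".
            name="$(cat "$pid_dir/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Print "PID NAME" for every process that needs a restart.
stale_libc_pids "$@"
```

An empty result after the update means no running process is still holding the old library.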