A potential exploit has been discovered that may allow attackers to execute malicious code across many Linux distributions. The vulnerability in the GNU C Library (glibc) has been assigned CVE-2015-0235 and is being referred to by some as the "Ghost" vulnerability. XWeb pack repositories have been updated and many servers (barring those with updates disabled) have received an update that patches this vulnerability, however, a reboot will still be required in those cases in order to ensure all potential threats have been neutralized. It is important that you take a moment to verify that your server(s) is (are) not susceptible to potential attackers taking advantage of this. Additional Technical Details: https://access.redhat.com/security/cve/CVE-2015-0235 http://www.openwall.com/lists/oss-security/2015/01/27/9 In order to assist our customers with investigating if their service has been patched, as well as troubleshooting potential remaining vulnerability, we have published several tutorials in our Knowledge Base with instructions illustrating how to check susceptibility and safeguard vulnerable environments. Please consult the articles below as soon as you are able to do so, in order to avoid any potential unwanted consequences from this exploit. These entries will be updated if/when any additional information is made available. Information on CVE-2015-0235 (GHOST) Vulnerability for Red Hat and CentOS How to Check the glibc (GNU libc) Version on CentOS 6 and CentOS 7 How To Update the glibc (GNU libc) in CentOS / Red Hat. If you need our assistance with this or if you have any additional questions, please do not hesitate to contact us.
Tuesday, February 3, 2015
« Back
