Security Update:A Critical Linux Security Hole, GHOST, is Revealed
Date and Time
All Linux Users
Qualys Security Advisory reports a critical vulnerability in glibc, the GNU C library that affects all Linux systems dating back to 2000. The vulnerability, CVE-2015-0235, has already been nicknamed GHOST because of its relation to the GetHOST functions.
Advanced Users: For a complete description of the vulnerability refer to Qualys Security Advisory CVE-2015-0235 at https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt.
- All Linux Systems
WHAT'S THE PROBLEM?
Attackers can use this flaw to execute code and remotely gain control of Linux machines.
HOW DO I PROTECT MY COMPUTER?
Update your software
- If you are supported by ITFS or have different IT support, no action on your part is required.
- If you do not have IT support or they do not support your computer, contact your respective Linux distributor for an update if not listed below:
- Red Hat - https://access.redhat.com/articles/1332213
- Novell - http://support.novell.com/security/cve/CVE-2015-0235.html
- Debian - https://security-tracker.debian.org/tracker/CVE-2015-0235
- GHOST glibc Remote Code Execution Vulnerability Affects All Linux Systems - http://threatpost.com/ghost-glibc-remote-code-execution-vulnerability-af...
- Critical glibc update (CVE-2015-0235) in gethostbyname() calls - http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/
- IT Security - http://it.ucsf.edu/security