Yesterday a critical security vulnerability has been published by Qualys concerning the GNU Library C (glibc), named GHOST.
That allows?
The latterwould allow code execution locally or remotely on your linux. An attacker could obtain full control of affected systems. < br / > for more information, see the note following CVE CVE-2015-0235 or the note Qualys.
Since when does it exist?
The first referenced impacted version is glibc - 2.2, whose publication date November 10, 2000. Although there was a patch, considered non-critical, on versions glibc - 2.17 and glibc - 2.18, most linux OS are impacted.
How to check if I am impacted?
The following KB article provides a script that will allow you to check if your system is vulnerable: How to test security GHOST?
How to fix the?
To correct this flaw, we recommend that you update your OS. Most maintainers put at disposal of the patches in their packages.
We invite you to visit the following pages, depending on your OS, for more information about the patch to correct the problem:
- Debian https://security-tracker.debian.org/tracker/CVE-2015-0235
- RedHat https://rhn.redhat.com/errata/RHSA-2015-0090.html or the redhat bugzilla
- arch linux https://wiki.archlinux.org/index.php/CVE
- Ubuntu https://launchpad.net/ubuntu/+source/eglibc
- CentOS https://www.centos.org/forums/viewtopic.php?f=47&t=50808
If you have a linux has become obsolete, we recommend a new installation on an updated version.
If you have a shared benefit or complete outsourcing at iKoula know that our teams have already been required.
Add new comment