Ghost Security Flaw – Critical

News has broken about a serious security flaw affecting many major Linux distributions.

Security research firm Qualys has discovered a security flaw in the Linux GNU C Library, glibc. The flaw has been dubbed “GHOST” and is tracked as CVE-2015-0235.

This flaw allows remote code execution in certain instances. If you are running glibc 2.2 up to 2.17, you are vulnerable. The issue was actually corrected in glibc 2.18, but it wasn’t flagged as a security update, so the fix may or may not be installed on the Long Term Support distros out there: RHEL 5, 6, and 7, Ubuntu 10.04 and 12.04, CentOS 6 & 7, and Debian 7.

There are patches already released in many cases (Red Hat and Ubuntu specifically) with other vendors / communities releasing fixes in the immediate future.
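
A quick triage check for the version range given above, as an added example (not from Qualys or any vendor). The function name `ghost_classify` and the sample version strings in the comments are constructed for illustration. Because vendors ship the fix without changing the upstream version number, an in-range result means "confirm the vendor update is installed", not "vulnerable".

```shell
#!/bin/sh
# Added example: classify a glibc version string against the range in the post
# (glibc 2.2 up to 2.17 affected, corrected upstream in 2.18).

# ghost_classify VERSION_STRING -> prints in-range | not-in-range | unknown
ghost_classify() {
    # Extract the first MAJOR.MINOR pair from strings such as (constructed samples)
    # "glibc 2.17", "2.12-1.149.el6" or "ldd (GNU libc) 2.19".
    gc_ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/p' |
        head -n 1)
    if [ -z "$gc_ver" ]; then
        echo unknown          # no parsable version (e.g. a non-glibc libc)
        return 0
    fi
    gc_major=${gc_ver% *}
    gc_minor=${gc_ver#* }
    if [ "$gc_major" -eq 2 ] && [ "$gc_minor" -ge 2 ] && [ "$gc_minor" -le 17 ]; then
        echo in-range
    else
        echo not-in-range
    fi
}

# Report on the local host. getconf GNU_LIBC_VERSION prints e.g. "glibc 2.17"
# on glibc systems and fails elsewhere, which is reported as unknown.
ghost_report() {
    gr_raw=$(getconf GNU_LIBC_VERSION 2>/dev/null || true)
    case $(ghost_classify "$gr_raw") in
        in-range)
            echo "$gr_raw: in the 2.2-2.17 range; confirm the vendor's CVE-2015-0235 update is installed" ;;
        not-in-range)
            echo "$gr_raw: outside the 2.2-2.17 range" ;;
        *)
            echo "could not determine a glibc version on this host" ;;
    esac
}

ghost_report
```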

Get patching those systems that are publicly accessible!
