Appliance update: gethostbyname vulnerability (GHOST)

Post Reply
User avatar
mark
Site Admin
Posts: 5513
Joined: Tue Apr 25, 2000 6:56 pm

Appliance update: gethostbyname vulnerability (GHOST)

Post by mark »

There is a vulnerability in host name lookup, CVE-2015-0235 aka GHOST, that can affect the appliance in limited cases. It is not vulnerable to ordinary users but an administrator configuring system level services may be able to invoke the bug.

Appliance owners should install all updates available to their appliance via the System Setup->Update Software menu. In particular for this issue you need glibc, glibc@32, glibc-common, and on some systems, nscd. Those should all be updated at the same time and the system rebooted immediately afterwards.
Post Reply