Appliance update: gethostbyname vulnerability (GHOST)
Posted: Fri Jan 30, 2015 10:51 am
There is a vulnerability in host name lookup, CVE-2015-0235 aka GHOST, that can affect the appliance in limited cases. It is not vulnerable to ordinary users but an administrator configuring system level services may be able to invoke the bug.
Appliance owners should install all updates available to their appliance via the System Setup->Update Software menu. In particular for this issue you need glibc, glibc@32, glibc-common, and on some systems, nscd. Those should all be updated at the same time and the system rebooted immediately afterwards.
Appliance owners should install all updates available to their appliance via the System Setup->Update Software menu. In particular for this issue you need glibc, glibc@32, glibc-common, and on some systems, nscd. Those should all be updated at the same time and the system rebooted immediately afterwards.