Heads up everybody – a Linux vulnerability known as GHOST (CVE-2015-0235), discovered by Qualys, has recently been publicized. This particular vulnerability is a nasty one, since it allows for remote code execution.
The vulnerability has been exhaustively documented in this Security Advisory, which you may find interesting. In short, the vulnerability exists within glibc in
__ns_hostname_digits_dots(), which deals with hostname resolution via the
Am I Vulnerable?
Yes, most likely. In order to address this, you’ll want to ensure that you have updated and rebooted your systems.
Debian and Ubuntu have updated packages for their supported distributions. Run
apt-get update && apt-get dist-upgrade to bring your system up to date, and then reboot to ensure no references to the old libraries still exist.
For other popular distributions, please follow their equivalent steps for upgrading packages. For more information, you can follow our GHOST guide.
Is Linode Infrastructure vulnerable?
No. Our Security Team has worked to protect our infrastructure from this vulnerability and we have taken the appropriate steps to address this issue on all of our systems.
Filed under: announcements by Jonathan Leal