[ALUG] GHOST GLIBC LIBRARY VULNERABILITY

Kambey L. Kisambu kambeylk at gmail.com
Wed Jan 28 12:50:05 EAT 2015


Hello Linux/System Admins,

If you are running CentOS or a RedHat based OS then kindly update the
glibc library ASAP, as there is a glibc vulnerability as below:-


Red Hat Product Security is aware of a critical vulnerability in the glibc
library. This vulnerability is commonly known as GHOST and has been assigned
*CVE-2015-0235*
<http://app.engage.redhat.com/e/er?s=1795&lid=22389&elq=b9bd25708d3b41e59e6ea64e0f71e791>.

GHOST is a 'buffer overflow' bug affecting the gethostbyname() and
gethostbyname2() function calls in the glibc library. This vulnerability
allows a remote attacker to execute arbitrary code with the permissions of
the user running the application.

The gethostbyname() function calls are used for DNS resolving, which is a
very common event. To exploit this vulnerability, an attacker must trigger
a buffer overflow by supplying an invalid hostname argument to an
application that then calls gethostbyname().

*The easiest way to check vulnerability and/or confirm remediation is the
Red Hat Access Lab: GHOST - gethostbyname Detector
<http://app.engage.redhat.com/e/er?s=1795&lid=22390&elq=b9bd25708d3b41e59e6ea64e0f71e791>*

For more information, please see this Red Hat Customer Portal *Knowledge
Article*
<http://app.engage.redhat.com/e/er?s=1795&lid=22388&elq=b9bd25708d3b41e59e6ea64e0f71e791>.

If you have questions or concerns, please contact *Red Hat Technical
Support*
<http://app.engage.redhat.com/e/er?s=1795&lid=22391&elq=b9bd25708d3b41e59e6ea64e0f71e791>.

-- 

Kambey L. Kisambu
ICT Officer  -   Systems Administration
e-Government Agency, President's Office, Public Service Management
Samora Avenue, Extelecom Building, 2nd Floor
P.O.Box 4273
Dar es Salaam
Mobile: +25576(1)7688450
Phone: +255222129868/74
Email: kambey.lotoishe at ega.go.tz
Personal Email: kambeylk at gmail.com

Website: www.ega.go.tz

<http://www.ega.go.tz/>

 "*You Are Never Old To Set Another Goal Or To Dream A New Dream"*
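
An application-side guard for the hostname path the advisory describes, added here as an example (not code from Red Hat or from the original post): it rejects anything that is not a well-formed RFC 1123 hostname before the resolver sees it, and resolves with getaddrinfo() rather than gethostbyname(). The names hostname_is_valid and safe_resolve are hypothetical; this is defense in depth and updating glibc remains the fix.

```c
#define _POSIX_C_SOURCE 200809L /* exposes getaddrinfo() in strict builds */
#include <netdb.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* ASCII letter or digit, independent of the process locale. */
static int is_alnum_ascii(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9');
}

/* Returns 1 if name is a well-formed RFC 1123 hostname: at most 253
 * characters, labels of 1..63 letters/digits/hyphens, no label starting
 * or ending with a hyphen. A single trailing dot is accepted. */
int hostname_is_valid(const char *name)
{
    size_t i, label = 0;

    if (name == NULL || name[0] == '\0')
        return 0;
    for (i = 0; name[i] != '\0'; i++) {
        unsigned char c = (unsigned char)name[i];
        if (i >= 253)
            return 0;                      /* total length cap */
        if (c == '.') {
            if (label == 0 || name[i - 1] == '-')
                return 0;                  /* empty label or "-." */
            label = 0;
        } else if (is_alnum_ascii(c) || (c == '-' && label > 0)) {
            if (++label > 63)
                return 0;                  /* label length cap */
        } else {
            return 0;                      /* character outside the LDH set */
        }
    }
    return name[i - 1] != '-';
}

/* Hypothetical wrapper: untrusted names reach the resolver only after
 * validation. Returns 0 on success or an EAI_* code. */
int safe_resolve(const char *name, struct addrinfo **out)
{
    struct addrinfo hints;

    if (!hostname_is_valid(name))
        return EAI_NONAME;                 /* rejected before any lookup */
    memset(&hints, 0, sizeof hints);
    hints.ai_socktype = SOCK_STREAM;       /* ai_family 0 == AF_UNSPEC */
    return getaddrinfo(name, NULL, &hints, out);
}
```

On success the caller releases the result with freeaddrinfo().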