Security Patch for Ghost (CVE-2015-023)

Home Forums User Contributions Uncategorized Security Patch for Ghost (CVE-2015-023)

Tagged: 

This topic contains 2 replies, has 2 voices, and was last updated by  Andrew 2 years, 6 months ago.

  • Author
    Posts
  • #777

    Andrew
    Participant

    Is the OPI vulnerable to the “Ghost” security bug (CVE-2015-0235) (see: http://arstechnica.com/security/2015/01/highly-critical-ghost-allowing-code-execution-affects-most-linux-systems/).

    An extremely critical vulnerability affecting most Linux distributions gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions. … The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. … While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment.

    If the OPI is vulnerable to the Ghost bug, please put it at the top of the list for the next update.

    Thanks,
    Andrew

  • #786
    Tor Krill
    Tor Krill
    Keymaster

    Hi Andrew,

    OPI should be safe with regards to CVE-2015-023. We do run the latest Ubuntu GLIBC 2.19-0ubuntu6.4 and the Ghost bug should not be present in that.

    You can read some more about it here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GHOST

    /Tor

  • #791

    Andrew
    Participant

    Great! Thanks, Tor!

    Suggestion: Create a security page that lists security bugs by popular name (e.g., Heartbleed, Shellshock, Ghost, etc.) and CVE designation and the status of OPI with regard to the vulnerabilities.

    Keep up the good work!

    Andrew

You must be logged in to reply to this topic.

Posted in