IDG Contributor Network: Linux hit by critical security hole

The discovery was made by Qualys, a cloud security company. The hole impacts any Linux system built with glibc-2.2, released on November 10, 2000. The vulnerability, called GHOST (CVE-2015-0235), is triggered by the gethostbyname function.

Actually, a patch was released back on May 21, 2013, between the releases of glibc-2.17 and glibc-2.18. However, the bug was not considered to be a security risk, and thus major Linux distributions that offer long-term support and get security updates remained vulnerable, including Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7 and Ubuntu 12.04.

This time around, Qualys worked closely with the Linux distribution vendors, and the patch is already available; I just patched my servers. So if you are running any Linux-based servers and systems, update them immediately.

Story added 27 January 2015.