An update for CloudLinux 5 & 6 was just released to address the previously mentioned glibc vulnerability and it is recommended to update as soon as possible. Update Instructions: yum update glibc Official Link: http://cloudlinux.com/blog/clnews/612.php On Wed, Jan 28, 2015 at 1:32 AM, Peter Reutemann <fracpete(a)waikato.ac.nz> wrote:
"A very serious security problem has been found and patched in the GNU C Library (Glibc). A heap-based buffer overflow was found in __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to make an application call to either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the program. The vulnerability is easy to trigger as gethostbyname() can be called remotely for applications that do any kind of DNS resolving within the code. Qualys, who discovered the vulnerability (nicknamed "Ghost") during a code audit, wrote a mailing list entry with more details, including in-depth analysis and exploit vectors."
-- sources: http://news.slashdot.org/story/15/01/27/1925208
Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174 _______________________________________________ wlug mailing list | wlug(a)list.waikato.ac.nz Unsubscribe: http://list.waikato.ac.nz/mailman/listinfo/wlug