"A very serious security problem has been found and patched in the GNU
C Library (Glibc). A heap-based buffer overflow was found in the
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() function calls. A remote attacker
able to make an application call to either of these functions could
use this flaw to execute arbitrary code with the permissions of the
user running the program. The vulnerability is easy to trigger as
gethostbyname() can be called remotely for applications that do any
kind of DNS resolving within the code. Qualys, who discovered the
vulnerability (nicknamed "Ghost") during a code audit, wrote a mailing
list entry with more details, including in-depth analysis and exploit
vectors."
-- sources: http://news.slashdot.org/story/15/01/27/1925208
Cheers, Peter
--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/    Ph. +64 (7) 858-5174