As you may already be aware, GHOST (CVE-2015-0235) is a 'buffer overflow' bug affect the gethostbyname() and gethostbyname2() function calls in the glibc library. RightScale has already addressed our publicly available images and environments. Customers can address the issue on their environment using the RightScript we have published in the MultiCloud Marketplace that will test, and patch the GHOST vulnerability:
To use this RightScript, you will need to import it to your RightScale account, and then run as an "Any Script" at the instance or deployment level to patch your systems. The RightScript tests for vulnerability, if found; it bypasses frozen repos, updates glibc, and then restores the original frozen repos. After the patch is complete, you may need to restart other services that rely on glibc in order for the patch go into effect.
Official CVE: http://web.nvd.nist.gov/view/vuln/de...=CVE-2015-0235
© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.