Note: Please go to docs.rightscale.com to access the current RightScale documentation set. Also, feel free to Chat with us!
Home > FAQs > GHOST (CVE-2015-0235)

GHOST (CVE-2015-0235)

Overview

As you may already be aware, GHOST (CVE-2015-0235) is a 'buffer overflow' bug affect the gethostbyname() and gethostbyname2() function calls in the glibc library.  RightScale has already addressed our publicly available images and environments.  Customers can address the issue on their environment using the RightScript we have published in the MultiCloud Marketplace that will test, and patch the GHOST vulnerability:

CVE-2015-0235 Ghost Vulnerability Update RightScript
http://www.rightscale.com/library/ri.../lineage/52575

 

To use this RightScript, you will need to import it to your RightScale account, and then run as an "Any Script" at the instance or deployment level to patch your systems.  The RightScript tests for vulnerability, if found; it bypasses frozen repos, updates glibc, and then restores the original frozen repos.  After the patch is complete, you may need to restart other services that rely on glibc in order for the patch go into effect.

 

Official CVE: http://web.nvd.nist.gov/view/vuln/de...=CVE-2015-0235

 

You must to post a comment.
Last modified
08:27, 29 Jan 2015

Tags

This page has no custom tags.

Classifications

This page has no classifications.

Announcements

None


© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.