Security Notice: "Ghost" vulnerability in glibc on Linux systems (CVE-2015-0235)

A Security Risk on Linux Systems has been reported in CVE-2015-0235.  VMTurbo Operations Manager running on openSUSE 12.3 may be impacted by this issue. 

Information Source: According to http://support.novell.com/security/cve/CVE-2015-0235.html

"This problem affects SUSE Linux Enterprise 11 and older products. SUSE Linux Enterprise 12 , openSUSE 13.1 and 13.2 and newer are not affected as they shipped with a already fixed glib."

Currents Status: Still under investigation.  The fixed glib package versions are 2.11.3-17.45.55.5 and VMTurbo has shipped glib 2.17-4.7.1 in openSUSE 12.3, but security scans have picked up a vulnerability on openSUSE 12.3.   VMTurbo is continuously monitoring openSUSE for patches here Request 283182 - openSUSE Build Service.  When a patch is available, you can use the openSUSE repo to update the OS.

openSUSE Bug we are tracking: Bug 913646 – VUL-0: CVE-2015-0235: glibc GHOST: gethostbyname() buffer overflow

 

About the VMTurbo Operations Manager Server:

VMTurbo Operations Manager ships our preconfigured virtual machine image with openSUSE, and since mid 2013, the version is openSUSE 12.3. 

Note to check the version of your operating system, SSH into the server and run the command 

cat /etc/SuSE-release

And the output should be:

openSUSE 12.3 (x86_64)

VERSION = 12.3

CODENAME = Dartmouth

If you have an older version, contact VMTurbo Customer Support.

 

Updated: 29 January 2015

Have more questions? Submit a request

Comments