Researchers at cloud security company Qualys have discovered a major security vulnerability in the Linux GNU C Library (glibc). This vulnerability, known as GHOST (CVE-2015-0235), can enable hackers to remotely take control of systems without knowledge of system IDs or passwords. If an attacker successfully exploits the vulnerability, they may be able to take over the affected system.
This vulnerability affects the following Linux products:
- Red Hat Enterprise Linux 5 (server, client)
- Red Hat Enterprise Linux 6, 7 (server, workstation, desktop)
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
- Debian 2.13-38+deb7u6, 2.11.3-4
What is Pitt doing?
Computing Services and Systems Development will be conducting a detailed inventory of enterprise systems and working to remedy any potential vulnerabilities. Additionally, we will be working with departments to remediate any vulnerable systems discovered.
What should I do?
Linux users and system administrators should apply security patches for vulnerable Linux distributions as they become available.
- Red Hat Linux 5 security update: https://rhn.redhat.com/errata/RHSA-2015-0090.html
- Red Hat Linux 6 and 7 security update: https://rhn.redhat.com/errata/RHSA-2015-0092.html
- Ubuntu patches: http://www.ubuntu.com/usn/usn-2485-1/
- Debian patches: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776391
If you manage a server in your department and would like assistance determining if it is susceptible, please contact the Technology Help Desk at 412-624-HELP.