GHOST vulnerability with glibc library on Linux

Version 1

    Details

    PROBLEM
    The recently discovered glibc vulnerability nicknamed "GHOST" has been published by [url=https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability:]Qualys[/url:] and you may be affected if your environment employs one of several Linux distributions on servers.

    ENVIRONMENT
    Many Linux distributions including (but not limited to):

    CentOS 6 & 7
    Debian 7
    Red Hat Enterprise Linux 6 & 7
    Ubuntu 10.04 & 12.04
    End of Life Linux Distributions

    RESOLUTION
    The glibc libraries are stored locally on servers that run Linux distributions. To resolve, the servers must have their glibc libraries updated to a version that is not affected by the vulnerability.

    The affected versions of glibc libraries are versions 2.2 through 2.17. The vulnerability is fixed in versions 2.18 and above (most recent being 2.20). The resolution for this is to ensure all Linux servers are running glibc versions 2.18 or higher and if not, to update the glibc library.

    ADDITIONAL INFORMATION
    For detailed assistance updating your glibc library versions on common Linux distributions, please review the tutorial published by [url=https://www.digitalocean.com/community/tutorials/how-to-protect-your-linux-server-against-the-ghost-vulnerability:]DigitalOcean[/url:].


    Resolution

    PROBLEM
    The recently discovered glibc vulnerability nicknamed  "GHOST" has been published by  [url=https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability:]Qualys[/url:]  and you may be affected if your environment employs one of several  Linux distributions on servers.

    ENVIRONMENT
    Many Linux distributions including (but not limited to):

    CentOS 6 & 7
    Debian 7
    Red Hat Enterprise Linux 6 & 7
    Ubuntu 10.04 & 12.04
    End of Life Linux Distributions

    RESOLUTION
    The  glibc libraries are stored locally on servers that run Linux  distributions. To resolve, the servers must have their glibc libraries  updated to a version that is not affected by the vulnerability.

    The  affected versions of glibc libraries are versions 2.2 through 2.17. The  vulnerability is fixed in versions 2.18 and above (most recent being  2.20). The resolution for this is to ensure all Linux servers are  running glibc versions 2.18 or higher and if not, to update the glibc  library.

    ADDITIONAL INFORMATION
    For detailed assistance  updating your glibc library versions on common Linux distributions,  please review the tutorial published by  [url=https://www.digitalocean.com/community/tutorials/how-to-protect-your-linux-server-against-the-ghost-vulnerability:]DigitalOcean[/url:].