-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Subject: "GHOST" (CVE-2015-0235)
**
/ This severe vulnerability detected in the GNU / Linux C Library
gives control to the attackers without requiring system identifiers.
- Patches available today - /
*
On January 27, 2015 - * _Qualys, Inc ._ (NASDAQ: QLYS), the main
security solutions provider and Compliance in the Cloud,
announced that its security research team loaded discovered
in the C library of GNU / Linux (glibc) a critical vulnerability
that allows hackers to take remote control of any one
system, is fully passing système. Qualys a password
worked closely and coordinated with suppliers
Linux distributions to provide a patch for all distributions
of affected Linux systems. This patch is available now
with corresponding suppliers.
Named GHOST (CVE-2015-0235) because it can be triggered by
_gethostbyname the functions and gethostbyaddr_ this vulnerability
affects many systems from Linux glibc version 2.2
published on 10 November 2000. Qualys researchers have also
identified several factors that mitigate the impact of this
vulnerability, including one published May 21, 2013 between patch
glibc-2.17 versions and glibc-2.18. Unfortunately, this patch
not having been classified as a security bulletin, most
stable distributions and enjoying a long term support were
exposed, including Debian 7 ("Wheezy"), Red Hat Enterprise Linux 6 & 7
CentOS 6 & 7 and Ubuntu 12.04.
Qualys customers can detect GHOST using signature
QID 123,191 provided by the Cloud _Qualys Service Vulnerability
Management_ (VM). When they launch the next scan cycle, they
get detailed reports on the exposure of their company
this severe vulnerability. They will be able to estimate its impact on
their activity and effectively monitor the speed of problem resolution.
"GHOST exposed to a remote code execution risk making
operation of a machine by a hacker terribly enfantine.Il
Just such an attacker sends an email on a Linux system
to automatically get full access to this machine "
says Wolfgang Kandek, CTO of Qualys, Inc. "With
Given the number of systems based on glibc, we believe that
This is a serious vulnerability that must be corrected
immediately.The best course of action to mitigate the risk
apply a patch provided by your Linux distribution provider
Jamenson Ferreira Espindula de Almeida Melo
Linux user nº 166197
https://linuxcounter.net/cert/166197.png
Impressão digital da chave:
234D 1914 4224 7C53 BD13 6855 2AE0 25C0 08A8 6180
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBCAAGBQJUyV4wAAoJECrgJcAIqGGA4nYH+gML30qKkNGxFYqw1c+XvYDC
I5lihbSg5B4JYnNALl364yOKCKmEnZ+XamdxuHESFa18X4UNVKlTRsOKrLZ4gC8G
ZrjxgWH9hVYDYR/7AF+TIzfjW2XZ/f7zA9bMRoNiMS19N6ELNsxmkjTvzTQVPsM+
hj/KzvzACe0IxebqUayOpqC5iWx4COBvCz0qrUiHfNt+vCyPooBqyy79zfQD+W5C
nUMP5I7cp+FzaHeGr+/85HC8c3qGMuYLdUaA9U6/bB4fvN8Qs21DDj1heTD0HpF8
kcr1E7kgT2Qi2EjQwddQNb0a6Xbbz6YSp+R1uMbM1hmnwHWHTWBp6QhSTEKhosw=
=VWfa
-----END PGP SIGNATURE-----
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
