GHOST vulnerability in glibc (CVE-2015-0235)
This is an advisory regarding a security issue in the glibc library also known as GHOST.
The following information was made available by Red Hat concerning this vulnerability: A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
For further information, please refer to the References section.
Current analysis of our products indicated that there is no known security issue based on this vulnerability.
Regardless of this, we advise that all Linux servers using a vulnerable version of glibc are patched immediately, as there might be currently unknown situations or other vulnerable services active that may compromise the systems integrity.
Following an update of glibc there may be a change in localisation for some Fabasoft products.
If you experience problems, such as an incorrect date format, please rerun the setup of the Fabasoft product to correct the system settings
- RHSA-2015:0092-1 - Critical: glibc security update (Red Hat)
- CVE-2015-0235 (Mirte)
- Critical glibc update (CVE-2015-0235) in gethostbyname() calls
- Ghost: Uralte Lücke in Glibc bedroht Linux-Server (Heise)
- Fabasoft Folio
- Fabasoft eGov-Suite
- Fabasoft Mindbreeze