Security Patch for Ghost (CVE-2015-023)

Posted: Wed Jan 28, 2015 1:51 pm
by andrew
Is the OPI vulnerable to the "Ghost" security bug (CVE-2015-0235) (see: http://arstechnica.com/security/2015/01 ... x-systems/)?

An extremely critical vulnerability affecting most Linux distributions gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions. ... The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. ... While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment.

If the OPI is vulnerable to the Ghost bug, please put it at the top of the list for the next update.

Thanks,
Andrew

Posted: Thu Jan 29, 2015 6:22 am
by tor
Hi Andrew,

OPI should be safe with regard to CVE-2015-023. We do run the latest Ubuntu GLIBC 2.19-0ubuntu6.4 and the Ghost bug should not be present in that.

You can read some more about it here: https://wiki.ubuntu.com/SecurityTeam/Kn ... Base/GHOST

/Tor

Posted: Thu Jan 29, 2015 2:07 pm
by andrew
Great! Thanks, Tor!

Suggestion: Create a security page that lists security bugs by popular name (e.g., Heartbleed, Shellshock, Ghost, etc.) and CVE designation and the status of OPI with regard to the vulnerabilities.

Keep up the good work!

Andrew