Security Patch for Ghost (CVE-2015-023)

Non Software / Product related discussions
Post Reply
andrew
Posts: 6
Joined: Thu Sep 25, 2014 2:49 pm

Security Patch for Ghost (CVE-2015-023)

Post by andrew » Wed Jan 28, 2015 1:51 pm

Is the OPI vulnerable to the "Ghost" security bug (CVE-2015-0235) (see: http://arstechnica.com/security/2015/01 ... x-systems/).

An extremely critical vulnerability affecting most Linux distributions gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions. ... The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. ... While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment.

If the OPI is vulnerable to the Ghost bug, please put it at the top of the list for the next update.

Thanks,
Andrew

User avatar
tor
Posts: 120
Joined: Thu Aug 14, 2014 3:42 am
Contact:

Post by tor » Thu Jan 29, 2015 6:22 am

Hi Andrew,

OPI should be safe with regards to CVE-2015-023. We do run the latest Ubuntu GLIBC 2.19-0ubuntu6.4 and the Ghost bug should not be present in that.

You can read some more about it here: https://wiki.ubuntu.com/SecurityTeam/Kn ... Base/GHOST

/Tor

andrew
Posts: 6
Joined: Thu Sep 25, 2014 2:49 pm

Post by andrew » Thu Jan 29, 2015 2:07 pm

Great! Thanks, Tor!

Suggestion: Create a security page that lists security bugs by popular name (e.g., Heartbleed, Shellshock, Ghost, etc.) and CVE designation and the status of OPI with regard to the vulnerabilities.

Keep up the good work!

Andrew

Post Reply