Ghost concern? update?

Hi,

Will an update be sent out through Virtualmin GPL for the Ghost vulnerability?

According to the instructions from my hosting company, my Virtualmin server is vulnerable. They say there’s not a yum update for the latest glibc for CentOS.

If not through Virtualmin nor yum, what do you suggest we do to take care of this?

Chris

Hi,

It might be interesting for you to read about how Red Hat, the maintainer of Red Hat Enterprise (which CentOS is based on), does “backporting”. Sometimes people think they’re not protected from something when in fact a backported version of the product does offer the protection while not sharing the upstream version number.

Here’s the article in question:

https://access.redhat.com/security/updates/backporting

Best Regards, Peter Knowles TPN Solutions

Howdy,

We definitely recommend patching your server. Most distros that Virtualmin supports are also affected by the Ghost security bug.

There is actually an update for glibc on CentOS – if you run a “yum update”, it should offer a glibc related update. Performing that update will patch your system against Ghost, though you would also need to either restart all services that use it, or perhaps perform a reboot which may be a bit simpler.

-Eric
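
The "restart all services that use it" step can be checked from the shell after the update. The script below is an added example, not something posted in this thread: it lists processes that still map a libc file that has since been replaced on disk. The function names are hypothetical and the sample line in the comments is constructed; run it as root so every process's maps file is readable.

```shell
#!/bin/sh
# Added example: find processes still running on the pre-update glibc.
# When a package update replaces libc on disk, processes started earlier
# keep the old file mapped, and the kernel tags that mapping "(deleted)"
# in /proc/PID/maps. Those processes are unpatched until restarted.

# has_stale_libc MAPS_FILE
# Succeeds if MAPS_FILE contains a libc mapping marked "(deleted)".
# Constructed sample of a matching line:
#   7f1c2a000000-7f1c2a18a000 r-xp 00000000 fd:01 1234 /lib64/libc-2.12.so (deleted)
has_stale_libc() {
    grep -Eq '/libc[-.][^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# stale_libc_pids [PROC_ROOT]
# Prints "PID NAME" for every process that still maps the old libc.
# PROC_ROOT defaults to /proc; the parameter exists so the scan can be
# pointed at a test directory.
stale_libc_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unreadable entries and processes that exited mid-scan.
        [ -r "$maps" ] || continue
        if has_stale_libc "$maps"; then
            dir=${maps%/maps}
            pid=${dir##*/}
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
    return 0
}

# Usage after "yum update":
#   stale_libc_pids
# No output means nothing is still using the old library. Any process
# listed needs a restart; if the list is long, a reboot is simpler.
```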

I just did the CentOS glibc update. Is there any potential residual damage done to the servers while waiting for the update?

On this one you need to reboot for changes to take effect, I believe.

Only Ubuntu seems to give this last bit of critical information.

The next stable Debian will have a ‘restartneeded’ program in the std repos I believe.

Very important to be getting on the security mailing lists of your server distro.

Some distros are faster than others getting their act together.

The chances of being hacked because of these complicated vulnerabilities for John Doe are slim.

Howdy,

Yup! Anytime a security issue is present on a server and unpatched, there’s always an opportunity for bad guys to get in there prior to it being patched.

Fortunately, you patched it quickly, which greatly reduces the risk of that kind of problem. In my opinion it’s unlikely something bad happened, but you’d certainly want to keep an eye on your server and make sure you don’t see anything unusual going on.

-Eric

Ah, there wasn’t a yum update when I wrote the first post here, but there is now :)

Updating now, thanks!

Chris