Will an update be sent out through Virtualmin GPL for the Ghost vulnerability?
According to the instructions from my hosting company, my Virtualmin server is vulnerable. They say there’s not a yum update for the latest glibc for CentOS.
If not through Virtualmin or yum, what do you suggest we do to take care of this?
It might be interesting for you to read about how Red Hat, the maintainer of Red Hat Enterprise (which CentOS is based on), does “backporting”. Sometimes people think they’re not protected from something when in fact a backported version of the product does offer the protection while not sharing the upstream version number.
We definitely recommend patching your server. Most distros that Virtualmin supports are also affected by the Ghost security bug.
There is actually an update for glibc on CentOS – if you run a “yum update”, it should offer a glibc-related update. Performing that update will patch your system against Ghost, though you would also need to either restart all services that use it, or perhaps perform a reboot, which may be a bit simpler.
Yup! Anytime a security issue is present on a server and unpatched, there’s always an opportunity for bad guys to get in there prior to it being patched.
Fortunately, you patched it quickly, which greatly reduces the risk of that kind of problem. In my opinion it’s unlikely something bad happened, but you’d certainly want to keep an eye on your server and make sure you don’t see anything unusual going on.
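
The reply above notes that, after the glibc update, every service that uses the library has to be restarted (or the server rebooted). The script below is an added example, not something posted in the thread: it lists processes that still map a libc file that has been replaced on disk, which is how a not-yet-restarted service shows up in `/proc/PID/maps`. `PROC_ROOT`, the function names and the sample tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still running against a replaced glibc.
# Run as root so the maps files of all processes are readable.
# PROC_ROOT is a hypothetical override used to point the check at a test tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Return 0 if the given maps file has a libc mapping marked "(deleted)",
# i.e. the process loaded a libc file that has since been replaced on disk.
maps_has_stale_libc() {
    grep -Eq '/libc[-.][^/]* \(deleted\)$' "$1" 2>/dev/null
}

# Print "PID NAME" for each process under PROC_ROOT with a stale libc mapping.
list_stale_libc_procs() {
    for dir in "$PROC_ROOT"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        if maps_has_stale_libc "$dir/maps"; then
            name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null)
            echo "${dir##*/} ${name:-?}"
        fi
    done
}

# Constructed sample tree: PID 101 started before the update (old libc shown
# as deleted), PID 202 was restarted afterwards. Prints the tree's path.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/101" "$root/202"
    printf 'Name:\thttpd\n' > "$root/101/status"
    printf 'Name:\tsshd\n' > "$root/202/status"
    printf '%s\n' \
        '7f10a0000000-7f10a018a000 r-xp 00000000 fd:00 1311 /lib64/libc-2.12.so (deleted)' \
        > "$root/101/maps"
    printf '%s\n' \
        '7f10a0000000-7f10a018a000 r-xp 00000000 fd:00 1402 /lib64/libc-2.12.so' \
        > "$root/202/maps"
    echo "$root"
}

# Stand-alone use: report against the live system.
list_stale_libc_procs
```

An empty result after restarting services (or after a reboot) means no running process is still using the replaced library.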