We just got this notice of a core vulnerability from our Dedicated Server host (GoGrid) …
Does web min automatically push system updates like this to the core OS…? i suspect not, but I wanted to ask first. We are on CentOS6
Security researchers have announced a vulnerability affecting Linux based operating systems
(CVE-2015-0235). All versions of Linux are potentially vulnerable. This vulnerability may allow an attacker to remotely execute arbitrary code on any unpatched systems.
Vulnerability analysis has determined that a heap-based buffer overflow was found in a function of glibc. A remote attacker may be able to make vulnerable applications perform a DNS resolution on malicious user supplied data and could use this flaw to execute arbitrary code in the context of the affected application.
In order to avoid exploitation from CVE-2015-0235, ensure that your systems are updated with the glibc security updates listed below:
Errata for RHEL 5: http://go.gogrid.com/e/3442/errata-RHSA-2015-0090-html/36l8cs/699693431
Errata for RHEL 6/7: http://go.gogrid.com/e/3442/errata-RHSA-2015-0092-html/36l8cv/699693431
Ubuntu Linux version 10.04, 12.04 LTS: http://go.gogrid.com/e/3442/usn-usn-2485-1-/36l8cx/699693431
Debian Linux version 6/7: http://go.gogrid.com/e/3442/security-2015-dsa-3142/36l8cz/699693431
CentOS Linux version 5: http://go.gogrid.com/e/3442/ounce-2015-January-020906-html/36l8d2/699693431
CentOS Linux version 6: http://go.gogrid.com/e/3442/ounce-2015-January-020907-html/36l8d4/699693431