Order a VPS, Semi- dedicated or Dedicated server in Dallas, London or Australia.

Ask our support team about your hosting requirements.

Support

Host where the staff takes pride in making customers happy

Just wanted you to know I've been well-pleased with RimuHosting so far and have most of my services migrated to the server.

- James (#327/338)

Home > Support > Notices > CVE-2015-0235 glibc gethostname 'ghost' vulnerability

Related Links

Notice Links:

Notice

CVE-2015-0235 glibc gethostname 'ghost' vulnerability

Posted	Thu, 29 Jan 2015 05:23 AM UTC Thu, 29 Jan 2015 00:23 AM EST
Last Update	Mon, 9 Feb 2015 01:05 AM UTC (479 weeks ago) Sun, 8 Feb 2015 20:05 PM EST
Status	Closed
RimuHosting autopatch/deghost updates @UTC Wed 4 Feb 0619: We have created a 'deghost' script (http://github.com/pbkwee/deghost) to update the glibc packages. Its key function is to tidy up apt and yum repositories if they are out of date, and to yum/apt install the libc library. It typically works great on Squeeze, Wheezy, Canonical-supported Ubuntus, and Centos 5+ We are running this on customer servers. When that completes you will be able to see the results at http://rimuhosting.com/cp/serverpatchstate.jsp To opt out of the auto patch, please reply to the email we had sent. If you have already patched the server, please do not reply to that email unless you do not wish us to touch your server (since the deghost script would not do anything if your server is already patched). Even after the library is patched servers need to be restarted (so running programs using the old libc can be reload with the new libc). You can do that for a VM at http://rimuhosting.com/cp/vps/restart.jsp Please subscribe to this notice to receive updates. ghost glibc vulnerabilty There is a vulnerability in most versions of the ubiquitous glibc library (which is used by most server binaries: sshd, mysql, ntp, apache, etc) http://chargen.matasano.com/chargen/2015/1/27/vulnerability-overview-ghost-cve-2015-0235.html http://www.openwall.com/lists/oss-security/2015/01/27/9 https://security-tracker.debian.org/tracker/CVE-2015-0235 Patching the vulnerability For modern, supported Debian and Ubuntu distros you can simply run apt-get update; apt-get install libc6 On Centos distros you can run yum install glibc. This should work fine on Centos 7, Centos 6, Centos 5, Debian 7. And Debian 6 if you are using the lts repositories. Ubuntu 14.04 is not affected. Supported Ubuntus per http://en.wikipedia.org/wiki/List_of_Ubuntu_releases#Table_of_versions should also have an update. You can manually run our deghost script by SSH-ing into your server (as root). Then running: `wget https://raw.githubusercontent.com/pbkwee/deghost/master/deghost.sh bash deghost.sh` If you are running an unsupported Ubuntu distro or Debian Lenny (also unsupported) you can use the bash deghost.sh --break-eggs option to attempt to do a dist-upgrade to a stable version. #

Keep You Updated?

Log in to subscribe to changes to this notice.

Set your contact details for future notifications.

RimuHosting : Server hosting service. A Rimu Hosting Ltd business. RimuHosting services include:

Launchtime™ VPS servers.

RimuHosting™ Dedicated servers.

Pingability™ Website monitoring service.

Woop! Host™ Managed Wordpress hosting.

Bakop™ Remote storage account service.

Zonomi™ DNS hosting service.

25 Mail St.™ Managed email hosting.

© RimuHosting Ltd 2002-2024. Rimuhosting, Launchtime and the Rimuhosting logo are RimuHosting™ trademarks.