https://www.qualys.com/research/securit ... 5-0235.txt
From what I can tell, EFA is vulnerable to this exploit. Is there a recommended course of action to address this?
*Edit*
I did 'sudo yum update glibc' from the shell and it seems to have closed the vulnerability according to my tests. I don't know well enough if that could have potentially broken anything in EFA so if one of you wonderful devs can confirm this is safe, maybe this can be an open and shut fix to one of the nastiest vulnerabilities discovered in Linux in a good long time?
GHOST Vulnerability
-
shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: GHOST Vulnerability
Yes, I recommend all EFA users run this exactly as you describe to close this vulnerability immediately.sudo yum update glibc
I will add this to the 3.0.0.7 release and see if we can get it out the door asap.
Re: GHOST Vulnerability
You should reboot after updating glibc
Re: GHOST Vulnerability
I see 3.0.0.7 is out but this issue isn't mentioned in the release notes.
Is this issue addressed in 3.0.0.7? I think users need to know if this is still an important process to perform.
Thanks for all the hard work you guys do - efa rocks!
Is this issue addressed in 3.0.0.7? I think users need to know if this is still an important process to perform.
Thanks for all the hard work you guys do - efa rocks!
-
shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: GHOST Vulnerability
Yep this is resolved. Forgot to open an issue on this one.
yum took care of it. I will add it to the notes.
Thanks!
https://github.com/E-F-A/v3/issues/155
yum took care of it. I will add it to the notes.
Thanks!
https://github.com/E-F-A/v3/issues/155