efa-project.org


https://forum.efa-project.org/

GHOST Vulnerability

https://forum.efa-project.org/viewtopic.php?t=942

Page 1 of 1

GHOST Vulnerability

Posted: 29 Jan 2015 19:16
by eschuy
https://www.qualys.com/research/securit ... 5-0235.txt

From what I can tell, EFA is vulnerable to this exploit. Is there a recommended course of action to address this?

*Edit*

I did 'sudo yum update glibc' from the shell and it seems to have closed the vulnerability according to my tests. I don't know well enough if that could have potentially broken anything in EFA so if one of you wonderful devs can confirm this is safe, maybe this can be an open and shut fix to one of the nastiest vulnerabilities discovered in Linux in a good long time?

Re: GHOST Vulnerability

Posted: 29 Jan 2015 21:10
by shawniverson
sudo yum update glibc
Yes, I recommend all EFA users run this exactly as you describe to close this vulnerability immediately.

I will add this to the 3.0.0.7 release and see if we can get it out the door asap.

Re: GHOST Vulnerability

Posted: 31 Jan 2015 00:54
by mag
You should reboot after updating glibc

Re: GHOST Vulnerability

Posted: 27 Feb 2015 16:34
by eschuy
I see 3.0.0.7 is out but this issue isn't mentioned in the release notes.

Is this issue addressed in 3.0.0.7? I think users need to know if this is still an important process to perform.

Thanks for all the hard work you guys do - efa rocks!

Re: GHOST Vulnerability

Posted: 27 Feb 2015 16:49
by shawniverson
Yep this is resolved. Forgot to open an issue on this one.

yum took care of it. I will add it to the notes.

Thanks!

https://github.com/E-F-A/v3/issues/155
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited