CVE ID
CVE-2015-0235
DESCRIPTION
GHOST is a 'buffer overflow' bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker who is able to make an application call either of these functions to execute arbitrary code with the permissions of the user running the application. (published 01/27/2015)
Unitrends risk assessment: Severity High
Although the gethostbyname function is deprecated, it is likely that at least one of the running Linux services uses this function. The updated glibc library RPMs should be installed.
RESOLUTION
Fixed in CentOS update repo versions:
- glibc-2.5-123.el5_11.1 for CentOS5
- glibc-2.12-1.149.el6_6.5 for CentOS6
To update to the new version of glibc with the fix, either run 'yum update glibc' from the command line, or perform an update from the UI (as of 01/29/2015).
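To confirm that a host is on one of the fixed builds listed above, the following check can be used. It is an added example, not part of the original advisory or Unitrends tooling; the function names and the `--installed` switch are hypothetical, and it assumes `sort -V` orders these glibc version-release strings the same way rpm does.

```shell
#!/bin/sh
# Added example: classify glibc version-release strings against the fixed
# builds listed in the RESOLUTION section of this advisory.
FIXED_EL5="2.5-123.el5_11.1"      # from the advisory
FIXED_EL6="2.12-1.149.el6_6.5"    # from the advisory

# ver_ge A B: true if A sorts at or after B under `sort -V`.
# Assumption: sort -V orders these glibc version-release strings the same
# way rpm does; it is not a full reimplementation of rpm's comparison.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# ghost_status VERSION-RELEASE: prints patched, vulnerable or unknown.
# "unknown" means the release tag is not el5/el6, which this advisory
# does not cover.
ghost_status() {
    case "$1" in
        *.el5*) gs_fixed="$FIXED_EL5" ;;
        *.el6*) gs_fixed="$FIXED_EL6" ;;
        *) echo unknown; return 0 ;;
    esac
    if ver_ge "$1" "$gs_fixed"; then echo patched; else echo vulnerable; fi
}

# check_installed: classify every installed glibc package (a multilib host
# has one per architecture). Returns 0 only if all are patched.
check_installed() {
    ci_out=$(rpm -q --qf '%{VERSION}-%{RELEASE} %{ARCH}\n' glibc) || return 2
    ci_rc=0
    while read -r ci_vr ci_arch; do
        ci_status=$(ghost_status "$ci_vr")
        echo "glibc-$ci_vr.$ci_arch: $ci_status"
        [ "$ci_status" = patched ] || ci_rc=1
    done <<EOF
$ci_out
EOF
    return $ci_rc
}

# Query the live system only when asked: sh ghost_check.sh --installed
if [ "${1:-}" = "--installed" ]; then check_installed; fi
```

Services that were running before the update keep the old library mapped until they are restarted, so follow a "patched" result with a service restart or a reboot.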