This is a courtesy notice for any self-managed customers running the following OS;
- Red Hat Enterprise Linux 6 & 7
- CentOS 6 & 7
- CloudLinux 6 & 7
- Debian Squeeze, Wheezy, Jessie
- Ubuntu 12.04 & 14.04
If you have Hivelocity’s Fully Managed Services on your server we have already applied the necessary patch and emailed you with instruction to reboot your server at the earliest convenience.
If you have a self-managed server please read below for more information on this vulnerability and instruction on steps you can take to protect your server.
The vulnerability has been discovered in glibc, one of the core libraries relied upon by the Linux operating system. This vulnerability allows a remote attacker to potentially execute arbitrary code in the system and cause unexpected operating system behavior such as hangs or crashes.
We strongly recommend that you apply system updates as soon as possible. These patches may be found in the security section of your distribution’s website. If you require our assistance or have questions please open a trouble ticket in myVelocity.
More information is available at the following links:
- https://ma.ttias.be/critical-glibc-buffer-overflow-vulnerability-getaddrinfo-linux-cve-2015-7547-cve-2015-5229/
- https://googleonlinesecurity.blogspot.be/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
- https://access.redhat.com/errata/RHSA-2016:0176
