GNU C Library Vulnerability — aka GHOST [CVE-2015-0235]

Zimbra is aware of a vulnerability affecting Linux systems, specifically in the GNU C Library (glibc).

Details

The vulnerability appears to have been found by Qualys and disclosed in security advisory CVE-2015-0235. It should be noted that the vulnerability was patched in version 2.17 of the library, but the fix was not categorized as a security issue at the time, leading many to maintain stable versions, i.e. vulnerable versions. This is an operating system vulnerability; at this time, and to the best of our knowledge, there are no known exploits against Zimbra’s software related to CVE-2015-0235.

**Recommendation**

Zimbra recommends that anyone running Linux update their systems as soon as possible. Although Linux updates don’t usually require a restart, a restart is recommended here to ensure that all underlying software services are patched.
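
One way to see which running processes still need that restart is to look for processes that keep mapping the glibc file the update replaced on disk. This is an added example, not from the original post or from Zimbra; the sample maps text and the process name `exampled` are constructed.

```python
#!/usr/bin/env python3
"""List processes that still map a glibc file replaced on disk by an update."""
import os
import re

# libc itself (libc-2.12.so, libc.so.6), not libcrypto, libcap, etc.
LIBC_RE = re.compile(r"/libc(-[0-9.]+)?\.so(\.[0-9]+)?$")
DELETED = " (deleted)"

# Constructed sample of /proc/<pid>/maps for a daemon started before the update.
SAMPLE_MAPS = """\
00400000-004b2000 r-xp 00000000 fd:01 131 /usr/sbin/exampled
7f1c2a000000-7f1c2a1b6000 r-xp 00000000 fd:01 917 /lib64/libc-2.12.so (deleted)
7f1c2a600000-7f1c2a620000 r-xp 00000000 fd:01 902 /lib64/ld-2.12.so (deleted)
7f1c2b000000-7f1c2b021000 rw-p 00000000 00:00 0
7ffd1c000000-7ffd1c021000 rw-p 00000000 00:00 0 [stack]
"""


def stale_libc_paths(maps_text):
    """Return libc paths that the maps text marks as deleted from disk."""
    stale = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode pathname
        if len(fields) == 6 and fields[5].rstrip().endswith(DELETED):
            path = fields[5].rstrip()[: -len(DELETED)]
            if LIBC_RE.search(path):
                stale.add(path)
    return stale


def scan_proc(proc_root="/proc"):
    """Map pid -> (name, stale libc paths) for each readable process."""
    hits = {}
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "maps"), errors="replace") as fh:
                stale = stale_libc_paths(fh.read())
            with open(os.path.join(base, "status"), errors="replace") as fh:
                name = fh.readline().split(":", 1)[1].strip()  # "Name:\t<comm>"
        except OSError:
            continue  # process exited, or unreadable without root
        if stale:
            hits[int(entry)] = (name, sorted(stale))
    return hits


if __name__ == "__main__":
    for pid, (name, paths) in sorted(scan_proc().items()):
        print(f"{pid}\t{name}\t{', '.join(paths)}")
```

Run it as root after the package update; any process it lists was started before the update and keeps using the old library until it is restarted.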

Patches or acknowledgements

GNU C Library’s upstream Git
Ubuntu
Debian
Red Hat
CentOS
SUSE

- Phil

Note: the original post was updated slightly to clarify the relationship between the vulnerability and the lack of known exploits against software shipped by Zimbra.
