Author Topic: GHOST glibc vulnerability info (CVE-2015-0235)  (Read 1536 times)

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26437
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
GHOST glibc vulnerability info (CVE-2015-0235)
« on: January 27, 2015, 03:13:00 pm »
Before anyone asks....

The glibc/libc6 vulnerability (CVE-2015-0235) that's been nicknamed "GHOST" and will no doubt be heavily reported by the click-fodder press  ::) does NOT apply to the libc6 version in Ubuntu 14.04 and therefore Peppermint 5

It did however apply to the version of libc6 shipped with Ubuntu 10.04 and 12.04, and therefore Peppermint One, ICE, and Peppermint 3 .. patched versions have been released (through security updates), so if you are still running Peppermint One, ICE, or 3 (Three) make sure you're fully updated, that's all you need to do.

http://www.ubuntu.com/usn/usn-2485-1/
and
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GHOST

In short:-

Peppermint 5 = NOT vulnerable

Peppermint 3 = make sure you're up to date

Peppermint One and ICE = make sure you're up to date

Peppermint 2 and 4 = these versions are END OF LIFE so will NOT be receiving any security updates .. so if you're still running Peppermint 2 or Peppermint 4 switch to Peppermint 3 or Peppermint 5 now :)
« Last Edit: January 27, 2015, 04:49:53 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

rjm65

  • Guest
Re: GHOST vulnerability info (CVE-2015-0235)
« Reply #1 on: January 27, 2015, 03:26:13 pm »
Thanks for the information Mark, I still run Peppermint 3 on my gateway since it won't run pep 5,  so when I do my updates on it then it will be fixed up...  :)

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26437
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: GHOST glibc vulnerability info (CVE-2015-0235)
« Reply #2 on: January 27, 2015, 03:38:24 pm »
Yes the patched version of libc6 will be pulled in by a normal system update :)

If you want to check....

In Peppermint 3 run:
Code: [Select]
dpkg -l | grep libc6if it reports you have version:-
2.15-0ubuntu10.10
you're already patched .. if it reports an earlier version, run a full system update, then check again.



In Peppermint One/ICE run:
Code: [Select]
dpkg -l | grep libc6if it reports you have version:-
2.11.1-0ubuntu7.20
you're already patched .. if it reports an earlier version, run a full system update, then check again.
« Last Edit: January 27, 2015, 03:49:10 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec