A vulnerability has been discovered in Linux GNU C Library (glibc) which allows remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
Linux and UNIX based systems
System owners are advised to apply the latest version of glibc, from their respective Linux and UNIX OS vendors immediately, and reboot their systems to complete the installation.
The UBC IT Satellite server is up-to-date with the current glibc patches for Red Hat 5, 6 & 7; system owners should immediately download the latest patches.
Debian and Ubuntu system owners can receive the latest patches by pointing their servers to mirror.it.ubc.ca
Red Hat glibc latest versions:
Red Hat 5: glibc-2.5-123.el5_11.1
Red Hat 6: glibc-2.12-1.149.el6_6.5
Red Hat 7: glibc-2.17-55.el7_0.5
Red Hat CVE-2015-0235 link:
Red Hat 5 patch versions link:
Red Hat 6 & 7 patch versions link:
CentOS glibc latest versions:
CentOS 5: glibc-2.5-123.el5_11
CentOS 6: glibc-2.12-1.149.el6_6.5
CentOS 7: glibc-2.17-55.el7_0.5
Ubuntu glibc latest versions:
Ubuntu 12.04 LTS: libc6 2.11.1-0ubuntu7.20
Ubuntu 10.04 LTS: libc6 2.15-0ububtu 10.10
Ubuntu CVE-2015-0235 link:
SUSE CVE-2015-0235 link:
Debian glibc latest versions:
Debian CVE-2015-0235 link:
GNU C Library