Forum Stats

  • 3,825,139 Users
  • 2,260,471 Discussions
  • 7,896,426 Comments

Discussions

GHOST: glibc vulnerability (CVE-2015-0235)?

1042337
1042337 Member Posts: 2
edited Feb 9, 2015 10:07AM in Oracle Linux and UEK Preview

Recently there is a bug detected in glibc, it is affected to oracle enterprise linux, do we need to update glibc, if yes then to what version.

Currently we are running below version of OS, kindly suggest us on the same.

Enterprise Linux Enterprise Linux Server release 5.4 (Carthage)

Red Hat Enterprise Linux Server release 5.4 (Tikanga)

Answers

  • Avi Miller-Oracle
    Avi Miller-Oracle Senior Solution Architect, Oracle Cloud Infrastructure Developer Adoption Melbourne, AustraliaPosts: 4,824 Employee
    edited Feb 8, 2015 3:34PM

    Yes, you are vulnerable to GHOST. You are also potentially vulnerable to Shellshock  and POODLE. Oracle Linux 5.4 is woefully old. You should upgrade to Oracle Linux 5.11 which has fixes for all these critical security flaws. The packages that resolve the GHOST vulnerability are listed here: linux.oracle.com | CVE-2015-0235

  • Todd Vierling-Oracle
    Todd Vierling-Oracle Member Posts: 33 Employee
    edited Feb 9, 2015 10:07AM

    Also bear in mind that updating from OL5 Update 4 to OL5 Update 11 is not an incompatible update. Part of Oracle Linux product support is ensuring that your system remains compatible with all installed applications when you update to newer OL5 packages.

    The easiest way to do this is to ensure that ol5_latest is enabled in the /etc/yum.repos.d/ yum configuration files, then run "yum update". If you don't yet have the configuration for yum for OL5, go here to set it up:

    http://public-yum.oracle.com/

This discussion has been closed.