Ghost remote code execution vulnerability in glibc

ruprecht · 28. Januar 2015

http://arstechnica.com/securit…fects-most-linux-systems/

For those who are not aware, update and reboot your systems.

In my own experience, my Wheezy OMV system is patched, but my Squeeze OMV system is not, even after a full update. I suppose we will have to wait for Debian to release a security patch. In the meantime I've disabled all port forwarding into my network.

While this isn't a specific OMV issue, it does affect OMV users, so any tips from the experts would be greatly appreciated.

davidh2k · 28. Januar 2015

OpenMediaVault 1.0 is the only currently supported version, which works on top of Debian Wheezy. If people are still on 0.5 or earlier they should upgrade to 1.0.

Greetings
David

earbiter · 28. Januar 2015

According to this article - http://www.zdnet.com/article/c…le-found/#ftag=RSSbaffb68 it says that Debian 7 (wheezy) is vulnerable. I saw somewhere that they updated a list of packages NOT at risk and nginx was on that so hopefully nothing to worry about.

Hopefully this will get patched soon.

subzero79 · 28. Januar 2015

The packages were released today, you can run your apt-get upgrade and reboot

davidh2k · 29. Januar 2015

Zitat von earbiter

I saw somewhere that they updated a list of packages NOT at risk and nginx was on that so hopefully nothing to worry about.

This is a system wide library, its used by dozends of daemons. Reboot your systems after upgrading to be on the safe side.

Greetings
David

earbiter · 29. Januar 2015

The Debian security advisory annonced for the stable distribution (wheezy), these problems have been fixed in
version 2.13-38+deb7u7. I updated this morning and thats what is running on my OMV 1.11 !!

Very nice for it to be fixed and pushed out so quickly

davidh2k · 30. Januar 2015

They didn't even add a changelog in the hurry...

Greetings
David

Jetzt mitmachen!