GLIBC 'Ghost' vulnerabilityPublished on January 28, 2015 by Filip Van Tittelboom
Yesterday evening, there was a lot of talk on the ol’ interwebz about the latest ‘Internet Killer’ bug dubbed ‘Ghost’. It’s a GLIBC vulnerability (CVE-2015-0235) affecting almost every Linux distribution. A remote attacker able to call the affected functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application. This makes it a critical vulnerability to be handled with high priority.
This morning we started by rolling out a fix to all managed instances. Considering the significant security-risk, we chose to immediately perform unscheduled reboots (instead of our usual scheduled reboots) in order for the patch to take effect.
Only Ubuntu 10.04 and 12.04 instances were affected. Ubuntu 14.04 LTS instances were unaffected.