Ghost Vulnerability patching confusion

Hi all,
We are currently running ACS v5.4 and were looking to go to patch 7 initially to combat shellshock.
Then GHOST came along so we waited for Cisco's advisory on the best version to go to.
This has now come out and the advisory is less than helpful!!! - https://tools.cisco.com/bugsearch/bug/CSCus68826
On one hand it seems to say 5.4 is good and on the other that all versions are vulnerable!
Can anybody clarify what patch/version we need to negate the vulnerability please :)
Document is too confusing!!!
Tim

Hi Tim,
I have double checked and all 5.x versions are affected. The fixes are not available for 5.4 or 5.3 but 5.5 and 5.6. Kindly upgrade to get the fixes.
Regards,
Kanwal
Note: Please mark answers if they are helpful.

Similar Messages

  • The GHOST Vulnerability VMware Products

    Good morning,
    I have been asked to verify if the recently released Ghost Vulnerability affects any of the VMware products that we have in house. Here are the products that we have:
    ESXi 5.0 - 5.5
    vCenter Operations Manager 5.8 (SUSE Linux Enterprise 11)
    vCenter Log Insight (SUSE Linux Enterprise 11)
    vCloud Automation Center
    VMware Postgres Database Appliance (SUSE Linux Enterprise 11)
    vCenter Orchestrator Appliance (SUSE Linux Enterprise 11)
    vSphere Management Assistant (vMA) (SUSE Linux Enterprise 11)
    Does anyone know if these products are affected? If they are, does VMware have a patch in place to remediate the vulnerability?
    Thanks for your help.
    Tim

    Keep watch on: VMware Security Advisories (VMSAs) | United States
    Good read on the same: Not So Spooky: Linux "Ghost" Vulnerability
    oss-security - Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow

  • Glibc GHOST vulnerability # CVE-2015-0235.

    Please suggest a patch for glibc GHOST vulnerability # CVE-2015-0235 in Oracle Linux server. Please find the details below:
    ./ghost
    Linux JBLDCVSNPRE01 2.6.39-400.214.6.el6uek.x86_64 #1 SMP Thu May 8 03:38:30 PDT 2014 x86_64 x86_64 x86_64 GNU/Linux
    Red Hat Enterprise Linux Server release 6.5 (Santiago)
    Installed glibc version(s)
    - glibc-2.12-1.132.el6_5.1.x86_64: vulnerable

    Hi,
    Please refer to these links:
    Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
    https://rhn.redhat.com/errata/RHSA-2015-0090.html
    Regards,
    S27

  • JBIG2 vulnerability patches for AA7 and AA8 ?

    OK , I have Reader v9.1 and the MSP patch for Acrobat 9.0
    What about the JBIG2 vulnerability patches for AA7 and AA8 ?
    When will they be released ?
    Dave

    From: <[email protected]>
    | 18th of March:
    | http://www.adobe.com/support/security/bulletins/apsb09-03.html

    Righteous -- Gratzi!
    --
    Dave

  • CSCus68892 - N7K assess GHOST vulnerability in glibc (CVE-2015-0235)

    The affected releases listed for this advisory state "Known Affected Releases: (4) 4.2(8), 5.2(9), 6.1(5), 6.2(10)"
    Our 7Ks are running 6.1(2), does this mean that any code in the 6.1(x) release below 6.1(5) is affected? Or is it just 6.1(5) specifically and none other running 6.1(x)?
    Thanks,
    Jim

    Hi,
    Please refer to these links:
    Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
    https://rhn.redhat.com/errata/RHSA-2015-0090.html
    Regards,
    S27

  • CSCus68892 - N7K assess GHOST vulnerability in glibc (CVE-2015-0235) - 1

    Wouldn't it be a workaround to disable name resolution by configuring:
    no ip domain-lookup

    Hi,
    Please refer to these links:
    Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
    https://rhn.redhat.com/errata/RHSA-2015-0090.html
    Regards,
    S27

  • GB legislative patch confusion

    We went live on HR and Payroll in March (11.5.10.2), so of course I then had to look at legislative patches.
    Having found note 145837.1, I thought this was not too bad, but I am now getting confused.
    Just wondered if anyone else has gone through the following and can offer me any advice ....
    1) In the past month or so, patches 6652235, 6825361 have appeared under 11i RUP2 for GB (145837.1) and are still listed in the Change History, but are no longer in the GB section. Why is this? They do not appear to have been included in other patches.
    2) I have today found note 123810.1 (Oracle UK Payroll 11i Mandatory Patches). This lists 6811030 - P46 Car Changes, but these P46 updates also appear to be in 6652235.
    Do I need both or just 6652235 ?
    3) Similarly, note 123810.1 mentions 6786778 (P11D Legislative changes), but these also appear to be in 6825361
    If anyone can point me in the right direction I would appreciate it.
    Regards,
    Colin

    Hello,
    The communication from Oracle Payroll UK suggests to apply GB Legislative Patch 6825361 (a HRGlobal patch) and 6786778 (for P11D). 6652235 seems to be an older version of 6825361.
    As you went live only this March, I think you may have to generate P11D from legacy system. If that's the case then 6786778 can wait.
    Please note that Patch 6899505 is another patch for budget changes. The new tax rate is effective from 18-May-2008 and this patch must go into production before that.
    Regards,
    Balu

  • Ghost Recon Patch is gone!!

    I know the solution to Ghost Recon Bundled with MSI video card involve downloading the MSI_GR_Fix.zip patch is given. However, the file which the link previously point to is missing and ubisoft is not really very helpful in providing me the link. Can anyone tell me a better place to download the file? Or can anyone send me a copy of the file? Pls PM me.

    My Pleasure.
    Ubisoft told me not to post it when they first gave it to me a year or two ago, but I see no reason why it shouldn't be available to those who need it, especially if they killed the link
    Good thing I kept in my archive

  • Client DNS Vulnerability Patch

    I've been searching on Sunsolve, BigAdmin, and here and I'm guessing my search foo is somehow lacking.
    Is there a document or patch to fix the August DNS vulnerability on the client side (the stub resolver and caching DNS)? I've already patched the DNS servers but can't seem to find any information on patching clients.
    Thanks for any help.
    Carl

    See [Sun Alert 239392|http://sunsolve.sun.com/search/document.do?assetkey=1-66-239392-1] for which patches resolve this problem for a particular OS and platform. The client and server fixes are both contained in the same patch.

  • Re: glibc GHOST vulnerability # CVE-2015-0235.

    Hi,
    I tried hijacking someone else's forum thread for my own issue, but a kind forum moderator branched it away to (hopefully) stand on its own merits instead of ripping attention away from that original discussion.
    We have an Oracle Appliance ( OVCA ), I am trying to find patch policy of Oracle for the OVCA and OVM environments.
    I read Doc 1965975.1 on MOS but this is explicit for Exalogic.
    So I am not sure if I should install this patch on this appliances.
    Is anyone familiar with Oracle's patch policy regarding OVCA/OVM?
    Thanks in advance,
    Regards,
    Eelke.

    Oracle VM 2.2, 3.2 and 3.3 have all been patched for GHOST: linux.oracle.com | CVE-2015-0235.
    I will look into why 3.3 is listed, but I've checked the repository and the updated glibc RPMs are available. However, I'm not sure what OVCA's patching policy is, so you'd need to open an SR for that.

  • Linux Ghost Vulnerability CVE-2015-0235

    Just heard about this, the bug is old (discovered around 2013 I believe) but was just released as a security advisory today or yesterday.
    This link shows you how to determine if your system is vulnerable, and how to patch the bug although it doesn't include how to patch on arch systems. I tested my system and it isn't vulnerable, so for the most part if you keep your system up to date it shouldn't be vulnerable either, but it doesn't hurt to check!
    http://www.cyberciti.biz/faq/cve-2015-0 … hel-linux/

    Trilby wrote: I was about to post in this in our grr thread.  Archlinux had the fixed glibc version over a year and a half ago.  Those who say the sky is falling really need to stop and actually look outside once in a while (not referring to this thread - but to my university's IT "professional" who sent out the dumbest email about this to the entire university acting like it was the end of the world).
    On Google+, there's a guy (who I won't name) going around promoting his article about this security vulnerability, which incidentally is written in such a way that mother said "so, all Linux devices, including Android phones, are affected, right?". Same guy seems to write articles monthly about how Linux is dying on the Desktop Computer...
    On that note, I wonder whether we need to keep this thread open before it turns into a GRR-fest.

  • Recent Safari vulnerability patch

    Obviously most people have heard about the recent PDF rendering vulnerability in iOS, including 4.
    My question is, are those folks still running 3.1 (i.e. those that don't want 4, or can't have 4) going to get the patch too, or are we left with our butts flappin' in the wind?
    I haven't found any specifics on the net as to whether or not they're going back to 3 for security patches. I sure hope so. I'm not psyched about buying a whole new iPod touch just for a security patch, when my Gen1 works perfectly fine otherwise.

    It affects the iPad running iOS 3.2.1 so it seems likely that it affects 3.1.x users as well. The fact that the jailbreaking code doesn't work on 3.1 doesn't mean the underlying vulnerabilities that code leverages don't exist on the earlier versions of the OS as well. Unfortunately Apple haven't said whether they need to, or intend to, patch earlier versions of iOS. As a 1G iPod touch user I sure wish they would.
    Now that the exploit code has been released publicly it is critical users of iOS 3.1.x know where they stand.
    Message was edited by: David Shanahan

  • Quarter Patch Confusion

    Hi All,
    Client has requested to apply a second quarter patch.
    However the quarter patch is yet released now.
    As per the oracle doc, The quarter patches dates are following.
    From the below patches which one is the 2nd quarter patches.
    17 July 2012
    16 October 2012
    15 January 2013
    16 April 2013
    Environment information:
    OS : RHEL 5
    Db : 11.1.0.7
    Please Suggest.
    Thanks and Regards,

    Hi;
    From the below patches which one is the 2nd quarter patches.
    17 July 2012
    16 October 2012
    15 January 2013
    16 April 2013
    Critical Patch Update - January 2012 << 1st quarter
    Critical Patch Update - April 2012 << 2nd quarter
    Critical Patch Update - July 2012 << 3rd quarter
    Critical Patch Update - October 2012 << 4th quarter
    Regards
    Helios

  • 3rd Party Application Vulnerability Patching-Automating and Best Practices-HELP!

    Using Kaspersky Security Center Version 10.1.249
    I have been tasked to come up with a process to manage our Microsoft workstations and servers to patch 3rd party vulnerabilities (WSUS is managing the Microsoft side). New to the KSC interface since I have inherited the install, but was wondering if I could request some remedial assistance, almost to the point of step by step, on how I can automate the approval, download and install of "Critical" vulnerabilities. I understand that everything is a "task" in KSC but I am not finding anything online and I prefer the assistance of my Spiceworks colleagues over calling support. I was playing around today with individual PCs in our IT group but it only worked after I MANUALLY approved the critical severity (kl) update under software updates.
    Requirements: Currently we scan for vulnerabilities once a...
    This topic first appeared in the Spiceworks Community

    I recommend finding out exactly why they would need administrative privileges and find GPO settings that would work for your organization. If they only need to install drivers, let's say, then only give them privileges to do that.
    I personally work in the IT Department (Army of two) in an environment that has hundreds of users. They program, manufacture, and design various products and we are not flooded with requests. No user has administrative privileges aside from the two of us in the IT Department. This allows us to better control the environment.
    By allowing your users to have administrative privileges, they will always have the capabilities to "Override" your policies for at least the computers they have administrative privileges.
    Of course, each environment is different and should be considered differently when setting up users' rights and privileges. To perform their daily functions, ask yourself what administrative privileges do they need? Maybe only allow them those privileges through GPO.

  • Forte 6U2 - patch confusion

    While trying to update our compiler to the newest patch set, I ran into the following problem. From access1, patch 111683-14 requires patch 111690-10 or greater to be installed. 111690-10 is not listed on access1 as a patch. When I tried to install 111690-10 after getting it from sunsolve, the patch installation failed, saying that "One or more patch packages included in 111690-10 are not installed on this system."
    111690-10 appears to be an update to the Fortran subcomponent of Forte 6U2, (I guess contained in the Hi-perf package), which we did not install, because we don't use fortran. But this is sort of a problem, because it means that we can't install the latest debugger patch.
    Any suggestions?

    You can find 111690-10 from access1 at:
    http://access1.sun.com/patch.public/cgi-bin/show_list.cgi/wrk/Forte_Fortran_6u2_SPARC
    With the next dbx patch release, the dependency problem will be removed. Please wait until the next dbx patch comes out.
    - Rose
