CSCus69731 - IOS-XE for Nova device glibc GHOST vulnerability - CVE-2015-0235

15.1(2)SG is listed as affected. Is maintenance release 15.1(2)SG5 also vulnerable?

I am at 15.1(2)SG2 and would like to know if affected. Thanks!

Similar Messages

  • Glibc GHOST vulnerability # CVE-2015-0235.

    Please suggest patch for glibc GHOST vulnerability # CVE-2015-0235 in Oracle Linux server.Please find below details:-
    ./ghost
    Linux JBLDCVSNPRE01 2.6.39-400.214.6.el6uek.x86_64 #1 SMP Thu May 8 03:38:30 PDT 2014 x86_64 x86_64 x86_64 GNU/Linux
    Red Hat Enterprise Linux Server release 6.5 (Santiago)
    Installed glibc version(s)
    - glibc-2.12-1.132.el6_5.1.x86_64: vulnerable

    Hi,
    Please refer this links,
    Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
    https://rhn.redhat.com/errata/RHSA-2015-0090.html
    Regards,
    S27

  • Re: glibc GHOST vulnerability # CVE-2015-0235.

    Hi,
    I tried hijacking someone else's forum thread for my own issue, but a kind forum moderator branched it away to (hopefully) stand on its own merits instead of ripping attention away from that original discussion.
    We have an Oracle Appliance ( OVCA ), I am trying to find patch policy of Oracle for the OVCA and OVM environments.
    I read Doc 1965975.1 on MOS but this is explicit for Exalogic.
    So I am not sure if I should install this patch on this appliances.
    Is anyone familiar with Oracle's patch policy regarding OVCA/OVM.
    Thanks in advance,
    Regards,
    Eelke.

    Oracle VM 2.2,  3.2 and 3.3 have all been patched for GHOST: linux.oracle.com | CVE-2015-0235.
    I will look into why 3.3 is listed, but I've checked the repository and the updated glibc RPMs are available. However, I'm not sure what OVCA's patching policy is, so you'd need to open an SR for that.

  • CSCus69732 - IOS-XE Evaluation of glibc GHOST vulnerability - CVE-2015-0235

    Hello,
    What about the versions prior to the ones listed? Are they also affected? Please improve your description so that we know what you mean by this VERY short list of affected versions.
    Thanks,
    Ricardo

    We have updated the release notes to indicate following-
    All versions prior to the following releases are shipping with the vulnerable code. This also includes any train which has already reached end of software maintenance (eg- 3.8.x) 
    15.5(1)S/XE3.14.1S
    15.4(3)S2/XE3.13.3S
    15.4(2)S1/XE3.12.3S
    15.4(1)S3/XE3.11.4S
    15.3(3)S4/XE3.10.6S
    15.2(4)S6/XE3.7.7S
    15.1(3)S7/XE3.4.7S
    Regards,
    Vishnu Asok

  • CSCus69732 - IOS-XE Evaluation of glibc GHOST vulnerability - CVE-2015-0235 - 1

    Hello,
    I have the version 15.2(1)S2 installed. Can I assume this version is vulnerable (since all versions prior to 15.2(4)S6 are)? Or are only the versions 15.2(4)xx considered prior to 15.2(4)S6 (and not the versions 15.2(1)xx to 15.2(3)xx)?
    Thanks!
    Regards,
    Ricardo

    We have updated the release notes to indicate following-
    All versions prior to the following releases are shipping with the vulnerable code. This also includes any train which has already reached end of software maintenance (eg- 3.8.x) 
    15.5(1)S/XE3.14.1S
    15.4(3)S2/XE3.13.3S
    15.4(2)S1/XE3.12.3S
    15.4(1)S3/XE3.11.4S
    15.3(3)S4/XE3.10.6S
    15.2(4)S6/XE3.7.7S
    15.1(3)S7/XE3.4.7S
    Regards,
    Vishnu Asok

  • CSCus69513 - wlc Evaluation of glibc GHOST vulnerability - CVE-2015-0235

    Which are Known Fixed Releases?
    I understand all hw and releases are vulnerable (but bug is not clear in Known Affected Releases section)

    We have updated the release notes to indicate following-
    All versions prior to the following releases are shipping with the vulnerable code. This also includes any train which has already reached end of software maintenance (eg- 3.8.x) 
    15.5(1)S/XE3.14.1S
    15.4(3)S2/XE3.13.3S
    15.4(2)S1/XE3.12.3S
    15.4(1)S3/XE3.11.4S
    15.3(3)S4/XE3.10.6S
    15.2(4)S6/XE3.7.7S
    15.1(3)S7/XE3.4.7S
    Regards,
    Vishnu Asok

  • Linux Ghost Vulnerability CVE-2015-0235

    Just heard about this, the bug is old (discovered around 2013 I believe) but was just released as a security advisory today or yesterday.
    This link shows you how to determine if your system is vulnerable, and how to patch the bug although it doesn't include how to patch on arch systems. I tested my system and it isn't vulnerable, so for the most part if you keep your system up to date it shouldn't be vulnerable either, but it doesn't hurt to check!
    http://www.cyberciti.biz/faq/cve-2015-0 … hel-linux/

    Trilby wrote:I was about to post in this in our grr thread.  Archlinux had the fixed glibc version over a year and a half ago.  Those who say the sky is falling really need to stop and actually look outside once in a while (not referring to this thread - but to my university's IT "professional" who sent out the dumbest email about this to the entire university acting like it was the end of the world).
    On Google+, there's a guy (who I won't name) going around promoting his article about this security vulnerability, which incidentally written in such a way that mother said "so, all Linux devices, including Android phones, are affected, right?". Same guy seems to write articles monthly about how Linux is dying on the Desktop Computer...
    On that note, I wonder whether we need to keep this thread open before it turns into a GRR-fest.

  • Is AsyncOS vulnerable to New Critical GLibc Vulnerability CVE-2015-0235 (aka Ghost)

    Raising for awareness in the community.
    New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST)
    https://isc.sans.edu/diary/New+Critical+GLibc+Vulnerability+CVE-2015-0235+%28aka+GHOST%29/19237
    Raised a support case and current update is Cicso is investigating if AsynOS is vulnerable
    Paul

    Currently it is being reviewed and looked into:
    http://tools.cisco.com/security/center/viewAlert.x?alertId=37181
    Please refer to the following information, as provided from our Product Security Incident Response Team (PSIRT):
    Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco.com at:
    http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html 
    This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at:
    http://www.cisco.com/go/psirt

  • GHOST Security Vulnerability - CVE 2015-0235

    Dear All,
    I have 2 units of Xserve running on Maverick OS 10.9.5
    Is the Maverick OS 10.9.5 vulnerable to GHOST CVE 2015-0235 threat?
    If yes where can I download the patches?
    Please advise
    Thanks
    Izzychunwei

    No known threat to Macs at present, but will have to wait for confirmation from Apple.
    Have a read here https://jamfnation.jamfsoftware.com/discussion.html?id=13156
    Cheers
    Pete

  • GHOST: glibc vulnerability (CVE-2015-0235)?

    Recently there is a bug detected in glibc, it is affected to oracle enterprise linux, do we need to update glibc, if yes then to what version.
    Currently we are running below version of OS, kindly suggest us on the same.
    Enterprise Linux Enterprise Linux Server release 5.4 (Carthage)
    Red Hat Enterprise Linux Server release 5.4 (Tikanga)

    Also bear in mind that updating from OL5 Update 4 to OL5 Update 11 is not an incompatible update. Part of Oracle Linux product support is ensuring that your system remains compatible with all installed applications when you update to newer OL5 packages.
    The easiest way to do this is to ensure that ol5_latest is enabled in the /etc/yum.repos.d/ yum configuration files, then run "yum update". If you don't yet have the configuration for yum for OL5, go here to set it up:
    http://public-yum.oracle.com/

  • CSCus68892 - N7K assess GHOST vulnerability in glibc and40;CVE-2015-0235)

    The affected releases listed for this advisory state "Known Affected Releases: (4) 4.2(8), 5.2(9), 6.1(5), 6.2(10)"
    Our 7Ks are running 6.1(2), does this mean that any code in the 6.1(x) release below 6.1(5) is affected? Or is it just 6.1(5) specifically and none other running 6.1(x)?
    Thanks,
    Jim

    Hi,
    Please refer this links,
    Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
    https://rhn.redhat.com/errata/RHSA-2015-0090.html
    Regards,
    S27

  • CSCus68892 - N7K assess GHOST vulnerability in glibc and40;CVE-2015-0235) - 1

    Wouldn't it be a workaround to disable name resolution by configuring:
    no ip domain-lookup

    Hi,
    Please refer this links,
    Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
    https://rhn.redhat.com/errata/RHSA-2015-0090.html
    Regards,
    S27

  • CSCus68798 - ISE is vulnerable to CVE-2015-0235 Linux Ghost remote code execution

    First time trying to follow a specific CVE in Real-Time...
    I see this CVE-2015-0235 GHOST hack is applicable to ISE and Prime Infrastructure... but I haven't seen any patch status update since yesterday.
    CSA says "Obtaining Fixed Software
    Cisco has released free software updates that address the vulnerability described in this advisory."
    Yet, when I check the (2) products' download pages, the newest software I see is from Jan 23 and Jan 6, respectively. The exploit was published on Jan 27. So, where are the patches?

    The team that found the exploit, Qualys Security Advisory, documented that "the most stable and long-term-support distributions were left exposed (and still are): Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04, for example."  See the link below for the full report:
    https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
    I'm assuming this is affecting all versions of UC appliances running these OS's (and possibly more that aren't used in the example?).  Anyone know how to determine what products are vulnerable to this?

  • Looking for info on CVE-2015-0235

    Hello,
    I'm looking for information on CVE--2015-0235 or GNC C Library (glibc) Remote Code Execution Vulnerability.
    I would like to see if the affected program is on my servers and if so is Solaris 10 effected?
    Any help would be greatly appreciated.
    Thanks

    We don't ship glibc with Solaris

  • HT5808 I have an original iPad and there have been no recent iOS updates for it. Am I vulnerable to the recent SSL security issues? Is my iPad safe to use?

    I have the original iPad. There have been no recent ios updates for it. Is the SSL security issue a problem? Is my iPad safe to use?

    You are OK. The fix is not necessary in iOS 5.1.1.

Maybe you are looking for

  • When using the lasso tools, how do i disengage from it, in order to adjust it?

    When i am in the process of creating a selection, with the lasso tools, I would like to disengage from the tool, briefly to adjust my selection and then to return and continue to make the selection.  If i press the space bar, it does disengage; but t

  • Re creation of database index

    suppose while updation of database, some of the index are not re created at the database level.. some bug in the backend(oracle) i guess.. can we diagnose this thrugh ABAP, i mean can we check if any index has not been recreated in database table upd

  • How to create and use scales for DAQ-6014 in Labview?

    Hello, In my application, I use the DAQmx-driver to read the 16 analog input terminals of my DAQ-Card. I create a task with all the 16 channels and define for each channels the input domain (from 0 to 10V) and configure them as NRSE. Then I configure

  • How to protect a third party solution developed in Oracle 10G database

    Hello! We are building a third party solution for several specific industries, all the technology is based on Oracle 10G database, meanwhile, we are looking for a solution to protect the IPR to avoid the source code distributed incorrectly. Welcome a

  • The document is not relevant for billing

    Hi Experts, I have a problem while doing STO from plant to depot. I am not able to generate Proforma Invoice. I am using following steps: ME21N, VL10B, VF01. I have check all my setting of STO. And I have set Billing Relevance-D (Relevant for proform