Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.0227 Action required for IBM WebSphere Application Server Hypervisor Edition for the GNU C library (glibc) vulnerability (CVE-2015-0235) 30 January 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM WebSphere Application Server Hypervisor Edition Publisher: IBM Operating System: Linux variants Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2015-0235 Reference: ESB-2015.0212 ESB-2015.0190 ESB-2015.0188 ESB-2015.0219.2 Original Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21695726 - --------------------------BEGIN INCLUDED TEXT-------------------- Action required for IBM WebSphere Application Server Hypervisor Edition for the GNU C library (glibc) vulnerability (CVE-2015-0235) Document information More support for: WebSphere Application Server Hypervisor Edition General Software version: 6.1, 7.0, 8.0, 8.5, 8.5.5 Operating system(s): Linux Software edition: All Editions Reference #: 1695726 Modified date: 2015-01-29 Flash (Alert) Abstract IBM WebSphere Application Server Hypervisor Edition requires customer action for the GNU C library (glibc) vulnerability that has been referred to as GHOST. Content IBM WebSphere Application Server Hypervisor Edition ships with Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES) Operating systems that are vulnerable to the GNU C library (glibc) vulnerability (CVE-2015-0235). Remediation: IBM strongly recommends you should contact your vendors to obtain fixes and install fixes for RHEL and/or SLES. Red Hat Enterprise Linux GHOST article SUSE Linux Enterprise Server Support Change History: 28 January 2015: original version published - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVMrP/hLndAQH1ShLAQL8qw/7BZk42pV+R45vga8YvP2xig35K6XYzTsG l05eN9ke5FgEAq2xvHVNt6dokzEZRgLGuuTDfqYIcub4YqqoK2NU8tKnlilRVV98 IKjoR0Ah8dvvMxccMD2c+TlWtV1CB3MstBGFiaG0aCKn1EdqRspVhGyPlNdNVMi1 LNy6rUdzXEq4tcaJNGzXC/3w6e8+D4WeeuE4aNcro7vVqMGqy/Kb1JhtMdHkCMjF cwnus+VaI4Lloury3bJXRrODOFy0va/+vWizExDz2jcXl0sZr3U4QMp9ttPWST4X mKkuSL0yW2SX6H4UVrvlReWFM0nw+hsPJPLyRKq9SUyywxQ1rcu2EZpcTxEAfAKH hihXA9FVOYJAgGxhwghWcOh56/O/M2eDrqeNgPPGancJUfqtMilz0JTA8XRSA8Z5 Wi/VMFA6ZirDS+Ni46i6aBpAJbJJGGeRyahME21HBfADqU5K2Le9AxRNOi/PFe+6 TPXrYctO4L+U0+jIWZLZt+0wivJkEZF6d4VYj/aLR0rZrEKlC8QXgGVo7QDXat9t HBFJf/ktOzPS/hzf0qYbkXqIH6G1fr9S7B0UhWBQsRz1LiP0kKWSGLkALRwtJMXt B2Mcbi/x60JnFCWErNna07Pb1mR/skd580SHO6BE0zlrh0AH2pFaZVcEMpDnBww7 7xr9p7Cyh4s= =oF4e -----END PGP SIGNATURE-----