Operating System:

[LINUX]

Published:

30 January 2015

Protect yourself against future threats.

//Service

AusCERT Education

Enhance your knowledge with our exceptional one day training offerings for individuals and organisations

Read more
Resources > Security Bulletins > ESB-2015.0227 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.0227
Action required for IBM WebSphere Application Server Hypervisor Edition for
          the GNU C library (glibc) vulnerability (CVE-2015-0235)
                              30 January 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM WebSphere Application Server Hypervisor Edition
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-0235  

Reference:         ESB-2015.0212
                   ESB-2015.0190
                   ESB-2015.0188
                   ESB-2015.0219.2

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg21695726

- --------------------------BEGIN INCLUDED TEXT--------------------

Action required for IBM WebSphere Application Server Hypervisor Edition for 
the GNU C library (glibc) vulnerability (CVE-2015-0235)

Document information

More support for:

WebSphere Application Server Hypervisor Edition

General

Software version:

6.1, 7.0, 8.0, 8.5, 8.5.5

Operating system(s):

Linux

Software edition:

All Editions

Reference #:

1695726

Modified date:

2015-01-29

Flash (Alert)

Abstract

IBM WebSphere Application Server Hypervisor Edition requires customer action 
for the GNU C library (glibc) vulnerability that has been referred to as 
GHOST.

Content

IBM WebSphere Application Server Hypervisor Edition ships with Red Hat 
Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES) Operating 
systems that are vulnerable to the GNU C library (glibc) vulnerability 
(CVE-2015-0235).

Remediation:

IBM strongly recommends you should contact your vendors to obtain fixes and 
install fixes for RHEL and/or SLES.

Red Hat Enterprise Linux GHOST article

SUSE Linux Enterprise Server Support

Change History:

28 January 2015: original version published

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVMrP/hLndAQH1ShLAQL8qw/7BZk42pV+R45vga8YvP2xig35K6XYzTsG
l05eN9ke5FgEAq2xvHVNt6dokzEZRgLGuuTDfqYIcub4YqqoK2NU8tKnlilRVV98
IKjoR0Ah8dvvMxccMD2c+TlWtV1CB3MstBGFiaG0aCKn1EdqRspVhGyPlNdNVMi1
LNy6rUdzXEq4tcaJNGzXC/3w6e8+D4WeeuE4aNcro7vVqMGqy/Kb1JhtMdHkCMjF
cwnus+VaI4Lloury3bJXRrODOFy0va/+vWizExDz2jcXl0sZr3U4QMp9ttPWST4X
mKkuSL0yW2SX6H4UVrvlReWFM0nw+hsPJPLyRKq9SUyywxQ1rcu2EZpcTxEAfAKH
hihXA9FVOYJAgGxhwghWcOh56/O/M2eDrqeNgPPGancJUfqtMilz0JTA8XRSA8Z5
Wi/VMFA6ZirDS+Ni46i6aBpAJbJJGGeRyahME21HBfADqU5K2Le9AxRNOi/PFe+6
TPXrYctO4L+U0+jIWZLZt+0wivJkEZF6d4VYj/aLR0rZrEKlC8QXgGVo7QDXat9t
HBFJf/ktOzPS/hzf0qYbkXqIH6G1fr9S7B0UhWBQsRz1LiP0kKWSGLkALRwtJMXt
B2Mcbi/x60JnFCWErNna07Pb1mR/skd580SHO6BE0zlrh0AH2pFaZVcEMpDnBww7
7xr9p7Cyh4s=
=oF4e
-----END PGP SIGNATURE-----